Address Redirection Cause of IE7 Issue

By Scott M. Fulton, III | Published October 20, 2006, 4:02 PM

In a test conducted by BetaNews on a fresh installation of the release version of Internet Explorer 7, on a "clean" environment set up within Virtual PC 2004, the browser failed the MHTML content retrieval test. The issue involves redirecting the Web browser to a local resource.

In examining the source code of Secunia's page, we found that a JavaScript function first generates a resource location using pieces of strings, plus a randomly generated number as a throw-away parameter. The location points to a page that apparently triggers an HTTP 302 signal, purportedly that the site location has been rerouted. The problem occurs when the browser -- or some other component of the Web browsing process -- takes the address of the rerouting for granted. With recent versions of IE, including IE7 in our test, the browser pulls up the alternate address regardless of what it contains.

In Secunia's innocuous test, the browser appears to open up the source code for Google News. However, the call to Google News was placed locally, meaning the redirection successfully forced the browser to parse a local resource request. It could conceivably just as easily have placed a request to execute a program locally. In our tests, Firefox 1.5 successfully squelched the redirection call to a local resource. Yesterday, as we reported, Microsoft stated that the vulnerable component was actually attributable to Outlook Express, not Internet Explorer. Back in 2003, when the vulnerability was first discovered, Microsoft did direct users to download Outlook Express patches, although those patches may have successfully shut off the accessibility for that vulnerability through OE, rather than change the redirection function itself.

This evidence indicates that the source of the vulnerability is probably deeper than both OE and IE. As SecurityFocus noted in its first 2003 reports of a vulnerability affecting Outlook Express, Microsoft initially -- and perhaps ironically -- offered explanations that tried to shift at least some of the blame to Internet Explorer.

Microsoft said Thursday it is investigating the issue, and plans to provide further guidance to customers.

IE7 Vulnerability

Comments

Just a suggestion, until this is addressed. If you feel up to it, you can download 'DropMyRights' and use it as a quasi-prodect mode for Internet and Mail.
MSDN Download and info:
http://msdn.microsoft.co...html/secure11152004.asp

Score: 0

|

is this the same as the ...

make a shortcut to "notepad.exe" call it "www.hotmail.com"

then go to IE and enter "www.hotmail.com" and notepad pops up

Score: 0

|

I tried twice to install IE7 both the beta and the newly announced finished product. Both times I received an error in my SBC/ATT browser relating to a missing or corrupt dll file, so I restored to an earlier state thereby removing IE7 and haven't had any problems since. Fix your product before you put it on the market MICROSOFT!!!!

Score: 0

|

Would it not be simpler to not install buggy software on YOUR system? :)

Score: 0

|

"I received an error in my SBC/ATT browser relating to a missing or corrupt dll file, so I restored to an earlier state thereby removing IE7 and haven't had any problems since."

Isn't this a problem with your SBC/ATT browser, and not the IE7? If anybody here expects Microsoft to conform all of their code to work with the billions of third party software packages out there, and spend the years required to verify compatability all third-parties, raise your hand...

Score: 0

|

But it is easier to blame MS isn't it? :) It is ALWAYS MS' fault.

I am sure you did the same thing I did when you read kenswanbeck's comment...just shake your head in disbelief...

Score: 0

|

Why doesn't this work in Vista RC2 then? Does it not affect IE7 in that version? If/When IE7F is released over Windows Update there, I'll try it again...

Score: 0

|

Because Vista has Windows Mail, which ostensibly does not contain the buggy component in Outlook Express/IE that causes the problem.

Also, IE7 in Vista runs in "Protected Mode" that is designed to stop malicious attacks like this, even if there was a vulnerability to exploit.

Score: 0

|

Exactly.

Score: 0

|

Can Linux do BitLocker better than Windows 7?

Betanews kicks off a new series with a look at how the Linux operating system's FDE stacks up against BitLocker, the Windows feature that today commands a $120 premium.

Firefox 3.5: The need for speed

This has been the big payoff week for Mozilla's developers, who worked overtime to squeeze out the last drop of performance from their new JavaScript engine.

'GeoHot' gets a shower, cleans up nice, reveals new iPhone 3G S jailbreak

Either puberty has been very kind to the author of the new 'Purple Ra1n' jailbreak tool, or George Hotz may also have some adequate Photoshop skills.

What's Next: Obama gives 'Einstein' the go-ahead, while China gives 'Green Dam' a thumbs-down

Plus: If you put up a Web site and name it after you and you're a federal judge, you might not want a bunch of weird nudity hanging around on it.

Why would Windows 7 customers spend $120 more for BitLocker?

For pre-orders from now until July 11, Microsoft is offering the Windows 7 Professional SKU for a very steep discount. So why invest in Ultimate?

Geeks vs. journalists: A tale of two worldviews

Recovery with Angela Gunn Why geeks think most mainstream journalism is flaky, and why the mainstream thinks geeks are trying to kill them. (They're both right.)

Fire in downtown Seattle data center knocks out businesses, online services

Small fire has global impact with payment centers, city services down.

Hybrid satellite cell phones aren't far off

The first satellite in Terrestar's hybrid cellular/satellite phone network has been launched.

SMS could be a critical iPhone vulnerability, says white-hat hacker

Mac hacker Charlie Miller knows how to get into your iPhone.

Will Oracle's Java-based Fusion middleware 'fuse' with Java?

Now that Oracle has acquired Sun Microsystems, Java developers and supporters are wondering when Oracle will formally welcome Java into the family.

All together now: iPhone and Palm Pre, likely to both grace O2's UK portfolio

European wireless network operator O2 has reportedly reached a deal to exclusively carry the Palm Pre in the UK. O2,...

Vista's dead: Microsoft kills an OS and no one cares

Carmi Levy: Wide Angle Zoom Can you kill an operating system? Microsoft is about to find out.

Kantaris Media Player 0.5.7

July 3 - 5:34 PM ET

Wine 1.1.25

July 3 - 5:30 PM ET

ChrisTV Online! Free 4.00

July 3 - 5:22 PM ET

glu 1.0.19 RC1

July 3 - 5:11 PM ET

Website-Watcher 5.1.0 Beta 10

July 3 - 1:20 PM ET