Login:
Password:
Lost Password?
Print this article  |  E-mail this article  |  Comment on this article

IE7 Final Vulnerable to Old Exploit

By Scott M. Fulton, III, BetaNews

October 19, 2006, 12:40 PM

UPDATE: Microsoft has responded to the issue, saying the flaw actually lies in Outlook Express. The company is investigating the situation.

Less than 24 hours after its final release, Internet Explorer 7 has been found to be vulnerable to an exploit dating back to November 2003, which was discovered affecting IE6 last April. The issue surrounds Microsoft's handling of MIME HTML resources, security company Secunia said in an advisory.

The vulnerability apparently involves a very simple trick where a call to a MIME HTML, or MHTML, resource can trigger the running of an executable file, even with high-level security settings.

An MHTML resource is a "Web archive" of multiple elements, often including media and sometimes (though not preferably) executable files. Through Microsoft browsers, it's addressed as a single resource with the extension .MHT.

A call placed to an .MHT resource is phrased using an old Microsoft two-part convention, where the location of the resource is separated from its identity with an exclamation point, not unlike similar syntaxes in Excel and earlier versions of Visual Basic.

As a researcher discovered in late 2003, Microsoft's default handling of this two-part convention also works the same way: if the location doesn't actually exist or cannot be resolved, the interpreter assumes the name of the resource exists on the local system. Thus, if the identity happens to be the name of a real executable file, it'll run.

Last April, another researcher informed Secunia that a version of the same vulnerability continued to plague IE6. At that time, the firm posted a non-malicious test page, to enable users to see whether their IE browsers were vulnerable. To this date, Secunia believes the IE6 vulnerability to be unpatched.

Apparently, the same test conducted on the final IE7 release revealed the new browser to be similarly vulnerable. Secunia rates this problem as "less critical," perhaps mainly because this is a trigger mechanism rather than a full-scale virus or Trojan. Conceivably, however, it could be utilized by malicious users within a more complete malware setup.

Add a Comment (13 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By 33Nick

posted Oct 20, 2006 - 12:41 PM

That's what you get when you bundle everything together on a poorly designed system that looks more like a swiss cheese mashup.

Internet Explorer 7 out to its first day at school and its zipper is wide open. So cute. Microsoft, you are innimitable!

Score: 0

By digitalmastermind

posted Oct 20, 2006 - 11:22 AM

I love it.. I won 100 bucks. Why cuz I bet someone that an exploit would be found in less than 24 hours AND that it would be something that was previously found in IE6. HAHAHAHA Windows is about as safe as a screen door on a Submarine.

HAHAHA I LOVE IT!

Score: 0

By Jill_y

posted Oct 20, 2006 - 10:57 AM

These reports are technically inaccurate: the issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all. Rather, it is in a different Windows component, specifically a component in Outlook Express
IE7 in Windows Vista is NOT affected by this bug
http://blogs.msdn.com/ie...rity-vulnerability.aspx

Score: 0

By 33Nick

posted Oct 20, 2006 - 12:42 PM

Which only proves again how Microsoft is incapable of holding together that badly concieved OS of theirs with bundled borwsers.

Thank you for making the point.

Score: 0

By Nathanm

posted Oct 19, 2006 - 4:27 PM

Why didn't this security firm say anything when IE7 was in beta? They just wait for the browser to be released. Those bas****s.

Score: 0

By huskers57

posted Oct 19, 2006 - 1:41 PM

Ran the test on my IE7 install and it says my browser is not vulnerable. I haven't done anything to the settings... ? Oh well.

Score: 0

By Austin814

posted Oct 19, 2006 - 1:34 PM

Is this not the same "bug" that Microsoft said was a feature, just like when you type an executable name into the address bar of IE it will launch the app. And really, if you build a virus or malware, are you going to wait to have it launch only when you visit a certain web site?

Score: 0

By THZGryphon

posted Oct 19, 2006 - 1:14 PM

I use IE7, come get me.

Score: 0

By mjm01010101

posted Oct 19, 2006 - 12:55 PM

Essentially this flaw, while marked "minor" can result in information disclosure. Hardly seems minor in this day and age of identity thelf and bot networks.

Oh well. Only took them two years, perhaps we'll see this addressed in Fall '08.

Score: 0

By GCoder

edited Oct 19, 2006 - 12:56 PM

and you were saying?

HAHAHAHAHAHAHAHAHAHAHAHA

Just another day in Microsux/Windoze world.

Score: 0

By XiND

posted Oct 20, 2006 - 4:38 AM

If you were so proud of your Linucs, you'd let this misfeature slide like water off a penguin's back.

Score: 0

By wincement

posted Oct 19, 2006 - 3:53 PM

You make yourself look like an imbecilic fanboy when you make posts like that. Seriously, how can anyone's life be so pathetic that news like this makes them that happy?

Score: 0

By Grazer

edited Oct 19, 2006 - 1:03 PM

and you were saying?
HAHAHAHAHAHAHAHAHAHAHAHA
Just another day in Microsux/Windoze world.

Who was saying what? You aren't responding to anyone. I'll just play the Mac excuse.
"But it isn't in the wild."
(this is a trigger mechanism rather than a full-scale virus or Trojan)

Score: 0

Nov 29 - 1:41 PM ET Teacher must still surrender license in bizarre 'exposure to porn' suit

Nov 26 - 9:19 PM ET Spambots edge back online post-McColo

Nov 26 - 9:17 PM ET Connecting the Black Friday dots: What to expect from CE retail

Nov 26 - 9:09 PM ET Google admits that its iPhone voice search breaks Apple's rules

Nov 26 - 5:15 PM ET Apple uses DMCA as a weapon against an open source iTunes hack

Nov 26 - 5:13 PM ET US DHS eases off its '10+2' import rules

Nov 26 - 5:08 PM ET IBM unveils 'cloud validation' to harden security and lower TCO

Nov 26 - 2:15 PM ET Thanks, EchoStar: TiVo nears its first profitable year

Nov 26 - 1:49 PM ET Google integrates Earth-like controls in new Maps interface

Nov 26 - 11:28 AM ET Mozilla developers readying one more beta cycle for Firefox 3.1