RSSIE7 Final Vulnerable to Old Exploit
By Scott M. Fulton, III | Published October 19, 2006, 12:40 PM
UPDATE: Microsoft has responded to the issue, saying the flaw actually lies in Outlook Express. The company is investigating the situation.
Less than 24 hours after its final release, Internet Explorer 7 has been found to be vulnerable to an exploit dating back to November 2003, which was discovered affecting IE6 last April. The issue surrounds Microsoft's handling of MIME HTML resources, security company Secunia said in an advisory.
The vulnerability apparently involves a very simple trick where a call to a MIME HTML, or MHTML, resource can trigger the running of an executable file, even with high-level security settings.
An MHTML resource is a "Web archive" of multiple elements, often including media and sometimes (though not preferably) executable files. Through Microsoft browsers, it's addressed as a single resource with the extension .MHT.
A call placed to an .MHT resource is phrased using an old Microsoft two-part convention, where the location of the resource is separated from its identity with an exclamation point, not unlike similar syntaxes in Excel and earlier versions of Visual Basic.
As a researcher discovered in late 2003, Microsoft's default handling of this two-part convention also works the same way: if the location doesn't actually exist or cannot be resolved, the interpreter assumes the name of the resource exists on the local system. Thus, if the identity happens to be the name of a real executable file, it'll run.
Last April, another researcher informed Secunia that a version of the same vulnerability continued to plague IE6. At that time, the firm posted a non-malicious test page, to enable users to see whether their IE browsers were vulnerable. To this date, Secunia believes the IE6 vulnerability to be unpatched.
Apparently, the same test conducted on the final IE7 release revealed the new browser to be similarly vulnerable. Secunia rates this problem as "less critical," perhaps mainly because this is a trigger mechanism rather than a full-scale virus or Trojan. Conceivably, however, it could be utilized by malicious users within a more complete malware setup.
That's what you get when you bundle everything together on a poorly designed system that looks more like a swiss cheese mashup.
Internet Explorer 7 out to its first day at school and its zipper is wide open. So cute. Microsoft, you are innimitable!
Score: 0
|I love it.. I won 100 bucks. Why cuz I bet someone that an exploit would be found in less than 24 hours AND that it would be something that was previously found in IE6. HAHAHAHA Windows is about as safe as a screen door on a Submarine.
HAHAHA I LOVE IT!
Score: 0
|These reports are technically inaccurate: the issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all. Rather, it is in a different Windows component, specifically a component in Outlook Express
IE7 in Windows Vista is NOT affected by this bug
http://blogs.msdn.com/ie...rity-vulnerability.aspx
Score: 0
|Which only proves again how Microsoft is incapable of holding together that badly concieved OS of theirs with bundled borwsers.
Thank you for making the point.
Score: 0
|Why didn't this security firm say anything when IE7 was in beta? They just wait for the browser to be released. Those bas****s.
Score: 0
|Ran the test on my IE7 install and it says my browser is not vulnerable. I haven't done anything to the settings... ? Oh well.
Score: 0
|Is this not the same "bug" that Microsoft said was a feature, just like when you type an executable name into the address bar of IE it will launch the app. And really, if you build a virus or malware, are you going to wait to have it launch only when you visit a certain web site?
Score: 0
|I use IE7, come get me.
Score: 0
|Essentially this flaw, while marked "minor" can result in information disclosure. Hardly seems minor in this day and age of identity thelf and bot networks.
Oh well. Only took them two years, perhaps we'll see this addressed in Fall '08.
Score: 0
|and you were saying?
HAHAHAHAHAHAHAHAHAHAHAHA
Just another day in Microsux/Windoze world.
Score: 0
|and you were saying?
HAHAHAHAHAHAHAHAHAHAHAHA
Just another day in Microsux/Windoze world.
Who was saying what? You aren't responding to anyone. I'll just play the Mac excuse.
"But it isn't in the wild."
(this is a trigger mechanism rather than a full-scale virus or Trojan)
Score: 0
|You make yourself look like an imbecilic fanboy when you make posts like that. Seriously, how can anyone's life be so pathetic that news like this makes them that happy?
Score: 0
|If you were so proud of your Linucs, you'd let this misfeature slide like water off a penguin's back.
Score: 0
|