By INQUIRER newsdesk
19 October 2006
INSECURITY FIRM Secunia, has already found an insecurity in newly
The vulnerability can be exploited to disclose potentially sensitive
information the firm says, though it gives it just two out of five on
its criticality meter.
An exasperated Thomas Kristensen, CTO of Secunnia says, "It is the
half-year old information disclosure vulnerability which allows
malicious sites to sneak on the content of other sites which hasn't been
patched in the brand new IE7 release."
The vulnerability is caused due to an error in the handling of
redirections for URLs with the "mhtml:" URI handler. This can be
exploited to access documents served from another web site, the firm
The firm posted an online demonstration, of the vulnerability here .
Visit the InfoSec News store!