IE7 Final Vulnerable to Old Exploit

25/10/2006 - 20:14 por Ivan | Informe spam
UPDATE: Microsoft has responded to the issue, saying the flaw actually lies
in Outlook Express. The company is investigating the situation.

Less than 24 hours after its final release, Internet Explorer 7 has been
found to be vulnerable to an exploit dating back to November 2003, which
was discovered affecting IE6 last April. The issue surrounds Microsoft's
handling of MIME HTML resources, security company Secunia said in an

The vulnerability apparently involves a very simple trick where a call to a
MIME HTML, or MHTML, resource can trigger the running of an executable
file, even with high-level security settings.

An MHTML resource is a "Web archive" of multiple elements, often including
media and sometimes (though not preferably) executable files. Through
Microsoft browsers, it's addressed as a single resource with the extension

A call placed to an .MHT resource is phrased using an old Microsoft
two-part convention, where the location of the resource is separated from
its identity with an exclamation point, not unlike similar syntaxes in
Excel and earlier versions of Visual Basic.

As a researcher discovered in late 2003, Microsoft's default handling of
this two-part convention also works the same way: if the location doesn't
actually exist or cannot be resolved, the interpreter assumes the name of
the resource exists on the local system. Thus, if the identity happens to
be the name of a real executable file, it'll run.

Last April, another researcher informed Secunia that a version of the same
vulnerability continued to plague IE6. At that time, the firm posted a
non-malicious test page, to enable users to see whether their IE browsers
were vulnerable. To this date, Secunia believes the IE6 vulnerability to be

Apparently, the same test conducted on the final IE7 release revealed the
new browser to be similarly vulnerable. Secunia rates this problem as "less
critical," perhaps mainly because this is a trigger mechanism rather than a
full-scale virus or Trojan. Conceivably, however, it could be utilized by
malicious users within a more complete malware setup.

Leer las respuestas

#1 Ivan
25/10/2006 - 20:56 | Informe spam
I have been contacted by a Microsoft's spokesperson about the "IE7 bug" which technically is an Outlook Express bug. In Vista this bug is fixed, for Windows XP this fix is underway.

Official Statement: Microsoft is aware of public reports of a vulnerability in Outlook Express which is currently under investigation. Microsoft is not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time.

Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include issuing a security advisory or providing a security update through our monthly release process, depending on customer needs.

Customers who believe they are affected can contact Product Support Services. Contact Product Support Services in North America for help with security update issues or viruses at no charge using the PC Safety line (1866-PCSAFETY) and international customers by using any method found at
this location:

As always, Microsoft encourages customers to follow its "Protect Your PC" guidance of enabling a firewall, applying all security updates and installing anti-virus software. Customers can learn more about these steps at

Saludos cordiales. Ivan

Preguntas similares