First flaw in the IE 7
Date: October 20, 2006Source: csoonline.com
Danish security company Secunia reported Thursday that IE7 contains an information disclosure vulnerability, the same one it reported in IE6 in April. The vulnerability affects the final version of IE7 running on Windows XP with Service Pack 2.
If a surfer uses IE7 to visit a maliciously crafted website, that site could exploit the security flaw to read information from a separate, secure site to which the surfer is logged in. That could enable an attacker to read banking details, or messages from a Web-mail account, said Thomas Kristensen, Secunia’s chief technology officer.
"A phishing attack would be a good place to exploit this," he said.
One of the security features Microsoft touts for the new browser is the protection it offers users from phishing attacks.
Original article
Add comment
Email to a Friend
