The first IE7 bug: ridiculous!

Microsoft Internet Explorer 7 has only few hours of official life (at least for the final version) and a new bug was just discovered today.

I've just finished read from Secunia that Internet Explorer 7 has a "Redirection Information Disclosure" vulnerability, caused due to an error in the handling of redirections for URLs with the "mhtml:" URI handler. This can be exploited to access documents served from another web site.

This vulnerability is classified as "less critical",  but what is really curios (or ridiculous?) is that (as signalled by Secunia) this vulnerability was also present on IE6 since April!!

Someone on Microsoft has forgot this patch in the past months? I'm sure that after the IE7 release all the anti-Microsoft's will be ready to discover IE7 bugs, but seeing that an old problem is again present on the last browser's release is not a good sign.

Have you installed IE7 and do you want to see the exploit in action? Secunia has a present for you with this demo page. Enjoy!

The result with IE7:

and the result with Firefox:

Print | posted on Thursday, October 19, 2006 6:42 PM