Just one week after claiming that users of Microsoft's Internet Explorer 7 could be at risk to an online attack, Danish security vendor Secunia ApS is reporting a new bug in the browser.
The bug allows hackers to place a fake Web address in one of the browser's pop-up Windows, and could be used to trick a victim into inadvertently downloading something from what appeared to be a trusted Web site. Secunia has described the flaw in an advisory.
Based on its initial investigation, Microsoft believes that there is "an issue," a spokesman with the company's public relations agency said in an e-mail.
While the full URL (Uniform Resource Locator) of the Web page being displayed is present in the pop-up Window's address bar, the left part of this URL is not initially displayed, the spokesman said.
That problem could allow an attacker to spoof a legitimate Web site, Secunia said.
Microsoft's confirmation may come as a relief to Secunia which reported another problem in IE 7, just hours after the browser was released. Microsoft said Secunia's report was "technically inaccurate," however, because the flaw lay in a component of Microsoft's Outlook Express e-mail client, which could be triggered by the browser. Microsoft commented on this issue in a blog entry.
Neither of the bugs is considered to be particularly critical. But coming so soon after IE 7's launch, they are somewhat of an embarrassment to Microsoft, which has made much of its focus on delivering secure software.
Secunia was surprised that Microsoft called their first report erroneous, given that the flaw can only be triggered through the browser, said Thomas Kristensen, Secunia's chief technology officer. "From a technical point of view, Microsoft might be right, but from a user's point of view, or an administrator's point of view, it doesn't really matter. IE is the vector," he said. "It was probably unnecessary to go out and try to blame Outlook in that way."
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
Download now »
Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Download now »
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.
Download now »
Sign up to receive Applications Resource Alerts
1 Recommendation
