We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
79,812 News Articles

Secunia claims second IE7 flaw

Microsoft admits browser security problem

Just one week after claiming that users of Microsoft's Internet Explorer 7.0 browser could be at risk to an online attack, Danish security vendor Secunia ApS is reporting a new bug in the browser.

The bug allows hackers to place a fake web address in one of the browser's pop-up Windows, and could be used to trick a victim into inadvertently downloading something from what appeared to be a trusted website. Secunia has described the flaw in an advisory, which can be found here.

Based on its initial investigation, Microsoft believes that there is "an issue", according to spokesman with the company's public relations agency.

While the full URL of the web page being displayed is present in the pop-up Window's address bar, the left part of this URL is not initially displayed, the spokesman said. That problem could allow an attacker to spoof a legitimate website, Secunia said.

Microsoft's confirmation may come as a relief to Secunia which reported another problem in IE7, just hours after the browser was released. Microsoft said that report was "technically inaccurate" because the flaw lay in a component of Microsoft's Outlook Express email client, which could be triggered by the browser.

Neither of the bugs is considered to be particularly critical. But coming so soon after IE7's launch, they are somewhat embarrassing to Microsoft, which has made much of its focus on delivering secure software.

Secunia was surprised that Microsoft called their first report erroneous, given that the flaw can be triggered only through the browser, said Thomas Kristensen, Secunia's chief technology officer. "From a technical point of view, Microsoft might be right, but from a user's point of view, or an administrator's point of view, it doesn't really matter. IE is the vector," he said. "It was probably unnecessary to go out and try to blame Outlook in that way."


IDG UK Sites

45 Best Android games: top Android games for your smartphone or tablet in 2014 (24 are free!)

IDG UK Sites

How Apple, Adobe, Microsoft and others have let us down over UltraHD and hiDPI screens

IDG UK Sites

Do you have the X-Factor too? Mix Off app puts fans in the frame

IDG UK Sites

iPad Pro release date, rumours and leaked images - 12.9 screen 'coming in 2015'