IE 7’s URI Problem

If IE 7 is installed on Windows XP, it changes the way the OS handles links: a % sign in certain links lets the link launch programs, so malicious commands could be executed simply by opening or passing on such a link.

Not that the existence of a flaw like this would be a big issue (if it were fixed in a reasonable amount of time); the bigger problem seems to be that MS doesn’t care about it AND pushes the distribution of IE 7 at the same time, thus making sure most XP systems will contain this security hole… I really don’t understand why someone would do this when he’s fully aware of the situation.

In other words, a large number of Windows XP users being affected by a serious security problem, which only occurs if they install Internet Explorer 7 and is not present at all in Vista, is not sufficient to justify an update. Microsoft prefers to sit back and watch while users and application developers struggle to secure Windows XP systems that behaved perfectly before IE7 was installed.

heise-security.co.uk

Seems to be another slight hint of the “upgrade to Vista” sort. MS stated earlier, when they released 7.0.5730.13, that they were spreading IE 7 to make the Internet more secure. Coolio.

So, apart from a few applications that were updated accordingly (e.g. Firefox now filters links containing %), everything that passes URLs on to Windows can “suffer” from this.
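What such an application-side fix looks like, as an added example that is not code from this post, from Firefox or from mIRC: the program checks a link itself and refuses to hand it to the OS when it contains a % sign, an unexpected scheme or characters outside a conservative allow-list, instead of trusting the OS URI handler. The scheme allow-list, the function names and the sample links are constructed for illustration.

```python
"""Application-side filter for URIs that are handed to the Windows URI handler.

Added example; not code from the original post, from Firefox or from mIRC.
It mirrors the kind of mitigation the post mentions (Firefox filtering links
that contain '%'): the application refuses to pass a link to the OS when it
contains a '%' sign, an unexpected scheme, or characters outside a
conservative allow-list. The allow-list, function names and sample links are
constructed for illustration.
"""
import os
import re
import sys
from typing import Optional

# Hypothetical allow-list: schemes this application is willing to delegate
# to the OS at all. Anything else is refused before it reaches ShellExecute.
ALLOWED_SCHEMES = {"http", "https", "mailto", "news", "nntp"}

# scheme ":" rest, where rest may only contain RFC 3986 unreserved
# characters, the sub-delims, and ':' '/' '?' '#' '[' ']' '@'.
# '%' is deliberately NOT in the class: percent-encoded input is rejected
# outright rather than decoded and re-checked, because the OS-side handler
# is the component that mishandles it. \Z (not $) so a trailing newline
# cannot slip past the check.
_URI_SHAPE = re.compile(
    r"^(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*):"
    r"(?P<rest>[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=]*)\Z"
)


def check_uri(uri: str) -> Optional[str]:
    """Return None if the URI may be handed to the OS, otherwise the refusal reason."""
    if "%" in uri:
        return "percent sign present"
    m = _URI_SHAPE.match(uri)
    if m is None:
        return "not a well-formed URI"
    scheme = m.group("scheme").lower()
    if scheme not in ALLOWED_SCHEMES:
        return f"scheme {scheme!r} not in allow-list"
    return None


def launch_uri(uri: str) -> str:
    """Hand the URI to the OS only after it passes check_uri().

    Returns the URI that was (or, off Windows, would have been) launched;
    raises ValueError carrying the refusal reason otherwise.
    """
    reason = check_uri(uri)
    if reason is not None:
        raise ValueError(f"refusing to pass {uri!r} to the OS: {reason}")
    if sys.platform == "win32":
        os.startfile(uri)  # goes through ShellExecute, i.e. the OS URI handler
    return uri


if __name__ == "__main__":
    # Constructed sample links, not real-world payloads.
    samples = [
        "mailto:alice@example.com",
        "https://example.com/path?q=1#top",
        "mailto:alice%40example.com",      # '%' present -> refused
        "file:///C:/Windows/notepad.exe",   # scheme not allowed -> refused
        "mailto:alice@example.com\n",       # trailing newline -> refused
    ]
    for s in samples:
        reason = check_uri(s)
        print(f"{'PASS' if reason is None else 'REFUSE':6} {s!r} {reason or ''}")
```

The point of refusing any % at all, rather than decoding and re-validating, is that the application cannot know which decoded form the OS handler will eventually act on; the safe assumption for an XP box with IE 7 on it is that the handler cannot be trusted with that character. Legitimate percent-encoded addresses are lost, which is the trade-off Firefox's filter accepted.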

So keep it in mind…

And according to a report on the security mailing list Bugtraq, the IRC client mIRC is affected as well.

heise-security.co.uk
