Delen via


Vulnerability Reports in IE7?

The Microsoft Security Response Center has posted a blog entry that talks about this vulnerability that is being reported in the news in IE7. This is a publicly disclosed vulnerability which is actually in Outlook Express (OE) and uses Internet Explorer as a vector. Its not an issue with IE7 or any other version of IE. There's no known exploit that uses this vulnerability, one which is classified as 'less critical' by secunia.

Just to clarify, the claim that this is a vulnerability found in IE7 is incorrect. Its a known issue with OE and as of typing this blog post, its not being used by any malicious exploit to attack the user.

Cheers and happy browsing with IE7.

Ali

Comments

  • Anonymous
    October 20, 2006
    Hi! Hi! Regarding vulnerabilities and IE7. There seems to be some confusion about exactly what systems are affected by Vector Markup Language (VML) vulnerability (MS06-055 security bulletin).  The bulletin itself states that XP SP2 is affected, and you need to download the update. But if you  try to install the update on some XP SP2 machines running IE 7, it won't install. I wonder if you can send me into right direction on who to find a person who can get it clarified in the bulletin MS06-055 Marina Levshteyn marina@inspectsoft.com

  • Anonymous
    October 21, 2006
    Marina: The VML vulnerability that we shipped a fix for only affects IE6 on XPSP2. In the blog post that IE team made when we shipped the fix, we specifically mention that IE7 is not vulnerable. thank you for your post. Ali

  • Anonymous
    October 21, 2006
    The comment has been removed

  • Anonymous
    October 21, 2006
    I believe I’ve addressed my comment to a wrong person. If that is the case, please excuse me. It happened by accident. I was running the spell test in my outlook using work email in reply mode. I perfectly aware that your name is Ali! Thank you Marina

  • Anonymous
    October 28, 2006
    If the problem is with Outlook Express, them how do you fix it?

  • Anonymous
    October 30, 2006
    Kim: I believe the OE team is aware of this issue and they will be the ones who will fix it. The issue is in their protocol handler (mhtml). It will be prioritized and fixed according to the severity of the issue.