IE7 old Zero day flaw.

http://secunia.com/Internet_Explorer_Arbitrary_Content_Disclosure_Vulnerability_Test/


If anyone passes this flaw with whatever security they are running, please post.

 

Please don't post duplicates

Your other thread has been removed.

Regards;

Steve

********************* Response to Question Below ********************************

Kye-U likely has a filter written for Proxomitron for this exploit as it was also present in IE 6. Securnia does provide as solution if you are concerned ...

Use the internet zones to your advantage and set this option accordingly.

 

As is the usual recommendation for these type vulnerabilities....disable active script. Of course that in itself is a band-aid until Microsoft deems it necessary to fix.

 

Like I said before....post if your SECURITY passes the test.

 

Like what was posted before....It's a flaw in IE that can pass the test by setting active script to disable. What other "SECURITY" should anyone be concerned about when it's a vulnerability in IE

 

I had to put the test page to the trusted in order to run the javascript and my IE7 passed.
In Trusted Active Scripting is Enabled, but other useless scripting is disabled, TV or radio works.

 

An inappropriate post was removed.

Bubba

 

Full article is here:

http://www.pcworld.com/article/id,127564-page,1/article.html

 

And here too:
http://www.smh.com.au/news/biztech/flaw-found-in-new-ie-browser/2006/10/20/1160851102498.html

 

Re: IE7 installation

http://secunia.com/advisories/22477
http://www.theregister.com/2006/10/19/ie7_release/

 

Re: IE7 installation

Some may want to read this!
Just another perfectly safe product released fresh from Microsoft!
http://www.techspot.com/news/23259-multiversion-ie-exploit-announced.html

 

What´s up with everone linking to the same info, over and over again.

But anyway, I´m surprised to see that no one has mentioned yet that this is quite easy to fix with a tool like BugOff, you can disable the MHTML protocol with this tool, and if you need it, you can enable it with only one click (and a browser restart).

I have disabled everything except the Wscript-Shell object, because a couple of Maxthon plugins would´t work anymore. Of course some sites do also not work correctly when the XMLHTTP object is disabled, but I´m not taking any risks, I´m not sure if they have patched this already. But in IE7 you will not need this ActiveX control anyway.

http://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/BugOff.shtml
http://blogs.msdn.com/ie/archive/2006/01/23/516393.aspx