Search Perform an advanced search query SOFTPEDIA
 
SOFTPEDIA
Updated one minute ago
HomeSubmit a program for being reviewedAdvertise on our websiteGet help on surfing our websitesSend us your feedbackGet information about our XML/RSS backend and how to use itBrowse the news archiveVisit our discussion forumVizitati forumul in limba romana



KLIP
  1. HOME
  2. SCIENCE
  3. TECHNOLOGY
  4. WEBMASTER
  5. SECURITY
  6. MICROSOFT
  7. LINUX
  8. APPLE
  9. GAMES
  10. TELECOMS
  11. REVIEWS
  12. LIFE & STYLE
  13. EDITORIALS
  14. INTERVIEWS
  15. RSS
Welcome!
Hello, Guest

Login if you have a Softpedia.com account.

Otherwise, register for one.

MICROSOFT

PoC Published for Internet Explorer 7 Vulnerability

- The flaw still has to be confirmed

By: Marius Oiaga, Technology News Editor

Proof of Concept code has been released in the wild for download today, 14 December 2006. The PoC is related to an alleged vulnerability affecting Internet Explorer 7. According to the
vulnerability reports, IE7 is vulnerable to DLL-load hijackings. According to Aviv Raff, the person that discovered the IE7, Microsoft was informed about the issue.

At the time of this article, an official comment from Microsoft was not available. Additionally, the vulnerability could not be confirmed as authentic. "It has been over a month since my last post regarding the IE7 vulnerability. The feedbacks to this issue were mixed. Some said it's an issue that should be fixed as soon as possible, other said it's a minor issue, a hoax or just "old news". Well, although I did not give the full information in my last post, it is definitely not a hoax, and as far as I know (and Google knows) no one ever informed about this specific issue in Internet Explorer," stated Raff.

Defending the authenticity of the IE7 vulnerability, Raff stated that "sqmapi.dll," "imageres.dll" and "schannel.dll" are DLL file names that can be used in a successful exploit of the IE7 DLL-load hijacking vulnerability. A Proof-of-Concept code for this vulnerability can be accessed via this link.

If you want additional details about the DLL-load hijacking IE7 vulnerability, they are available here.

MORE RELATED ARTICLES: Internet Explorer 7 Immune to October's Vulnerabilities Free IE6 VPC Windows XP SP2 = a Microsoft Success IE7 Redirected 1.2 Million Phishing Attacks in 2 Weeks Internet Explorer 7 Down – Firefox 2.0 Up Windows Live OneCare Updated with Anti-phishing Technology Activation Security Vulnerabilities in Internet Explorer 7 3.06 Percent Global Share for Internet Explorer 7 Upgrade to IE7 Optimized for Google The Internet Explorer 6 Virtual PC - Run IE6 and IE7 Side by Side IE7 Speaks Chinese and Hebrew
 
Comments | Link here | Subscribe
Print | Send to friend
Today's News | Yesterday's News

Search:

14th December 2006, 16:10 GMT | Copyright (c) 2006 Softpedia | Contact:
Read by 1,919 user(s) | Rating: | 7 vote(s) so far | Cast your vote:
PoC Published for Internet Explorer 7 Vulnerability - USER OPINIONS




We are sorry, there are no opinions available for this article.






SHARE YOUR OPINION ABOUT PoC Published for Internet Explorer 7 Vulnerability

Since you are not logged on, your comments will have to be approved before being displayed.
Click here to login, or register.
Your Name:
Your Email:
Type in the result:
Your Opinion:
 


DO YOU WANT TO CONTACT US?  

If you have some comments or you want to send us some information you can send us an email directly to .
You can use the form below for the same purpose.
Your full name: (at least 3 characters)
Your email address: (at least 5 characters)
Message subject: (at least 5 characters)
Message text:
(at least 10 characters)
Type in the result:
 
 



© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and Softpedia™ logo are registered trademarks of SoftNews NET SRL.
Copyright Information | Privacy Policy | Terms of Use | Contact Softpedia | Update your software | Archive