Microsoft has released its much awaited (i’m not sure if this is true) Internet Explorer 7 and not more than 24 hours have passed and its first vulnerability has been posted. Secunia released information regarding this new IE7 vulnerability. According to them, an error in the handling of redirections for URLs with the “mhtml” URI Handler caused this vulnerability. This can be exploited to access documents served from another web site.
The vulnerability however requires an access to a server where you can write HTTP headers, you will need to force a browser to go to a certain URL which will then redirect to another URL.
IE7 can be downloaded here.Update (Roberto Tayag, Fri, 20 Oct 2006 07:55:16 AM)
Apparently according to Microsoft, the vulnerability itself is in Outlook Express, IE7 is just a vector. This vulnerability is currently under investigation by Microsoft.
