Multi-version IE exploit announcedBy Justin Mann
It's an exciting day for IE users for sure, with the long-anticipated release of IE finally upon us. The fanfare roar is almost masking a bit of bad news concerning the release. While not exclusive to IE7, Secunia and others have made public a new IE vulnerability. This is not a very serious vulnerability in that it can render your system compromised, but it can result in someone accidentally releasing information they don't want to:
The vulnerability is caused due to an error in the handling of redirections for URLs with the "mhtml:" URI handler. This can be exploited to access documents served from another web site.
It affects currently updated machines, and affects both IE6 and IE7, even if you are fully up to date. Disabling active scripting renders you immune, but safe browsing habits will also help.