IE7's reputation as the "most secure Microsoft browser ever" took another bashing when Danish security company Secunia announced that it had found another potentially nasty flaw in the software. The flaw makes it possible to add special characters to the end of a web address so that only part of the URL is displayed. Attackers could exploit this to show a fake web address in a pop-up window, tricking people into downloading from what looks like a secure website. This could lead to malware being downloaded and installed, which could, for example, make the machine part of a botnet.
Based on its initial investigation, Microsoft believes that there is "an issue", according to a spokesman with the company's public relations agency.
Secunia is currently unaware of any exploit using this flaw, but says it is keeping an eye on it. The disclosure follows a similar incident last week, when Secunia said it had found a hole in the browser. Microsoft claimed that that particular flaw lay in a component of its Outlook Express email client instead, and that it was simply triggered by the browser rather than technically residing inside the browser itself. Nevertheless, it is clear that the release of IE7 has not put a halt to the torrent of security problems facing Windows users.