Researchers Already Scouring IE 7.0 For Holes

As soon as Microsoft released IE 7.0 Beta 2 Preview researchers went to work looking for security holes, and Tom Ferris found one.

"I saw that Microsoft released IE 7.0 Beta 2 to the public today. So, I figured I would give it a quick look at and I just happened to find something within the first 15 minutes into testing," Ferris wrote.

According to Ferris, IE 7.0 incorrectly parses "BGSOUND SRC" tags, which allowed him to easily craft a special HTML file that crashes the browser. Ferris said he notified Microsoft of the problem. He also published complete details of the vulnerability, writing tongue-in-cheek, "\[Why\] release an advisory on a beta product? Well, why not?" Ferris went on in the same tone to suggest that a workaround for the problem is to use Firefox.

Bugs in beta software are not uncommon and Microsoft will undoubtedly fix the problem before the browser is offically released. In the meantime let's hope that the company more thoroughly checks the browser for potential weak points.

TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish