Tokyo Friendfinder
Tweet
A flaw that research firm Secunia ApS claimed to have discovered in Internet Explorer 7 just hours after its unveiling is not a browser bug after all, Microsoft said Thursday.
Instead, the problem lies in a component of Microsoft’s Outlook Express email client, which can be triggered by the browser.
The flaw could be used in phishing attacks to read sensitive information from the IE browser, Secunia said. The Danish security firm first reported the problem with the IE6 browser in April and found that it could be reproduced on IE7 as well. Secunia’s advisory can be found here.
Secunia does not consider the problem to be critical, but it was widely reported because its discovery came so soon after IE7’s launch.
“These reports are technically inaccurate,” wrote Christopher Budd, a security program manager with Microsoft, in a Thursday blog posting. “The issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all.” Budd’s blog posting can be found here.
One security researcher said he was surprised that Microsoft had apparently not informed Secunia of the nature of this bug back in April, when it was first disclosed.
“They reported this in … April,” said Secure Network SRL Chief Technology Officer Stefano Zanero in an instant message interview. “Microsoft should have investigated then and should have already reported the bug to be not in IE.”
“How was Secunia supposed to know?” he asked.
A spokesman with Microsoft’s public relations agency could not say what response Microsoft had made to Secunia’s first report of the problem back in April. “All I can tell you is that the … blog is the latest and greatest information we have to share,” he said.
— Robert McMillan
01:25 PM 
Mark Hiratsuka •
PermalinkAdd a comment | More DWT | Get a cool job in Japan! | Follow us on Twitter
