by CIO Staff

Security Flaw Discovered in IE7 Beta 2

Feb 02, 2006 | 1 min

A story published yesterday reported that an independent security researcher named Tom Ferris had discovered and pinpointed a denial-of-service flaw in Microsoft’s Internet Explorer (IE) 7 Beta 2 Preview.

Ferris, known online as “badpack3t,” found the flaw just moments after installing the new, security-centric browser. Specially crafted HTML could crash IE7 because “urlmon.dll” did not properly parse the “file://” protocol, eWeek reported.

“I’ve confirmed a denial-of-service at this point, but I’m sure someone malicious could research this some more to control memory at some point to cause code execution,” Ferris told eWeek.

A screenshot showing the browser crash is posted on the Security-Focus site, along with a proof-of-concept demonstration.

For more on the release of IE7 Beta 2 Preview, read “Microsoft Releases Internet Explorer 7 Beta.”

-Al Sacco