Windows Caused IE7/Firefox URI Handling Bug

An exploitable bug discovered earlier this month that was first believed to have been caused by Internet Explorer 7.0, before Mozilla was forced to admit that it afflicted Firefox as well, has apparently been traced back to a Windows API function. The discovery may have been first revealed through the US-CERT Web site of the […]

Share online:

An exploitable bug discovered earlier this month that was first believed to have been caused by Internet Explorer 7.0, before Mozilla was forced to admit that it afflicted Firefox as well, has apparently been traced back to a Windows API function.

The discovery may have been first revealed through the US-CERT Web site of the Dept. of Homeland Security, which now classifies it as a "Microsoft Windows URI protocol handling vulnerability." The function in question is an old favorite of malware writers: ShellExecute(), which was the subject of a notorious Windows 2000 exploit four years ago.

While Microsoft has yet to issue an official statement or bulletin making this discovery clear, it probably advised US-CERT with regard to its existence. The official government site this morning reads, "We are currently unaware of a practical solution to this problem."

Full Article

Microsoft, Windows, Internet Explorer 7, IE7, Firefox, Mozilla, URI Handling Bug, Vulnerability, Bug, Security, Flaw

About The Author

Deepak Gupta is a IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he's engaged in providing Technology Consultancy, Design and Development of Desktop, Web and Mobile applications using various tools and softwares. Sign-up for the Email for daily updates. Google+ Profile.