Microsoft blames IE7 vulnerability on Outlook Express
Redmond (WA) - Microsoft is blaming a recently reported Internet Explorer 7 vulnerability on Outlook Express. Internet Explorer 7 was released a few days ago, but it took less than 24 hours for Secunia, a security research company, to announce a vulnerability. The vulnerability could allow hackers to gain confidential information by redirecting web traffic to other sites.
You can read the Secunia's advisory here. According to Secunia, the vulnerability affects fully patched Windows XP systems with Service Pack 2.
Christopher Budd from the Microsoft Security Response Center responded to the announcement by blaming the problem on Outlook Express. "The issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all. Rather, it is in a different Windows component, specifically a component in Outlook Express," said Budd.
Thomas Kristensen, Secunia's CTO, disagrees with Budd and said that the vulnerability is "fully exploitable" through IE7 and adds that IE7 is "the primary attack vector, if not the only attack vector."
You can download Internet Explorer 7 from Microsoft's website here.