Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: [SOLVED, kinda]Internet Explorer 8; Windows 7

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
securd [SOLVED, kinda]Internet Explorer 8; Windows 7
Member 15th Nov, 2009 15:37
Ranking: 0
Posts: 8
User Since: 15th Nov, 2009
System Score: N/A
Location: N/A
Last edited on 28th Nov, 2009 17:40

Regarding Secunia Advisory SA24314.
Windows 7 not affected. Doesn't consider that in latest PSI tho.

Edit (added more info):
The patch for that vuln is located at

http://www.microsoft.com/downloads/details.aspx?di...

and on the link below you can see that windows 7 (both 32 and 64 bit systems) running IE 8 are not affected.

http://www.microsoft.com/technet/security/bulletin...

EDIT: Vulnerability confirmed, Windows 7 and I guess other OS are vulnerable. There is no patch. Latest version of IE is vulnerable. We can expect a patch with IE 9. For more info visit http://securethoughts.com/2009/05/exploiting-ie8-u... .

securd RE: Internet Explorer 8; Windows 7
Member 25th Nov, 2009 20:41
Score: 0
Posts: 8
User Since: 15th Nov 2009
System Score: N/A
Location: N/A
WTF? no reply? how is this problem supposed to be fixed?
Was this reply relevant?
+0
-0
Anthony Wells RE: Internet Explorer 8; Windows 7
Expert Contributor 25th Nov, 2009 20:56
Score: 2437
Posts: 3,324
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 25th Nov, 2009 21:13

Your first link is for XP and the second dates back to August 04 2009 (pre 7) so WTF is your question ??

FWIW IE 7 on XP SP3 shows a highly critical unpatched vulnerability in "secure browsing" since yesterday in SA 37448 - quote" other versions may be affected" unquote . Same quote in SA 24314 which dates back to MAY 2009 and remains unpatched.

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
securd RE: Internet Explorer 8; Windows 7
Member 25th Nov, 2009 21:28
Score: 0
Posts: 8
User Since: 15th Nov 2009
System Score: N/A
Location: N/A
My question, kind sir, is that my windows 7 system's browser is said to be vulnerable and what is pointed out is SA24314 (which doesn't affect windows 7). And yes, the patch is for xp, windows 7 is not vulnerable. WINDOW$ 7 is not vulnerable and that is why I write here so this can be fixed in the PSI.
Thank you for your reply Anthony, really appreciate it.
Was this reply relevant?
+0
-0
Anthony Wells RE: Internet Explorer 8; Windows 7
Expert Contributor 25th Nov, 2009 21:41
Score: 2437
Posts: 3,324
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

If your question is why Secunia have not updated their rules re SA 24314 for IE8 in Windows 7 and they don't pick it up from this thread now (they do not always , especially if the post is not clear nor seemingly "critical") , then why not contact them direct at support@secunia.com and tell them why they are incorrect and ask them to update their detection rules .

It does not concern me , so I may have missed the fact that the vulnerability in in IE 8 had gone away .

Take care
Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
Maurice Joyce RE: Internet Explorer 8; Windows 7
Handling Contributor 25th Nov, 2009 21:53
Score: 11720
Posts: 8,956
User Since: 4th Jan 2009
System Score: N/A
Location: UK
It has not gone away.

Your Windows 7 should not being showing as vulnerable. What should be showing is IE8 embedded in Windows 7 as vulnerable.

SA24314 has been ongoing since 26/2/2007 - It refers to IE Charset Inheritance Cross Site Scripting which affects IE 6,7 & 8 regardless of what the OS is.

Your links do not refer to an update for SA23414. They point to fixes for these issues:

Memory Corruption - CVE 2009 - 1917
HTML Object Memory Corruption - CVE 2009 - 1918
Uninitialized Memory Corruption - CVE 2009 1919

The minor issue with SA24314 remains unpatched & Secunia are showing it correctly.

Not sure why I bothered explaining - I do not normally respond to people who use expletives in the full knowledge that ladies use this Forum.



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
Anthony Wells RE: Internet Explorer 8; Windows 7
Expert Contributor 25th Nov, 2009 22:19
Score: 2437
Posts: 3,324
User Since: 19th Dec 2007
System Score: N/A
Location: N/A


Spoils my fun ; one less hassle for Secunia ; mea culpa !:o))

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
securd RE: Internet Explorer 8; Windows 7
Member 26th Nov, 2009 07:15
Score: 0
Posts: 8
User Since: 15th Nov 2009
System Score: N/A
Location: N/A
Maurice thank you for your reply. My browser is shown as insecure, that is correct. Second, the patch I gave link to seemed to fix that same problem (read about it in a tread in the forum). Third although I read what the vuln was I don't really care that it is OS independent, MS say it does not affect windows 7 in their bulletin. Thank you for your explanation it made some stuff clear. And my 'expletive' was rather a phrase conveying no independent meaning but added to fill out the sentence, sorry for the bad language, had been waiting for such a professional answer for days now.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Internet Explorer 8; Windows 7
Handling Contributor 26th Nov, 2009 10:11
Score: 11720
Posts: 8,956
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 26th Nov, 2009 10:25
Thank you. I must say I am amazed that Microsoft have released a new OS with a browser that clearly has a long standing security issue.

I personally consider it minor - but a vulnerability is just that & they should really fix it.

Given that this issue started well before the Windows 7 release date I can only assume they have not updated all their paperwork which has led to some confusion or does it mean a fix is round the corner & they are not bothering!

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
securd RE: Internet Explorer 8; Windows 7
Member 26th Nov, 2009 11:32
Score: 0
Posts: 8
User Since: 15th Nov 2009
System Score: N/A
Location: N/A
I'll see into the vuln and try to exploit it myself when I have time. Going to hit you back with the result here :-)
Was this reply relevant?
+0
-0
Maurice Joyce RE: Internet Explorer 8; Windows 7
Handling Contributor 26th Nov, 2009 11:34
Score: 11720
Posts: 8,956
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Thank U.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
securd RE: Internet Explorer 8; Windows 7
Member 28th Nov, 2009 17:36
Score: 0
Posts: 8
User Since: 15th Nov 2009
System Score: N/A
Location: N/A
Last edited on 28th Nov, 2009 17:42
Yep, Cross OS vulnerability, same IE code, latest version of IE vulnerable. Microsoft released a fix for IE 8 but since microsoft coders fail at life the PATCHED version could be exploited in a way.
http://securethoughts.com/2009/05/exploiting-ie8-u... is where everything is explained.
Expect a patch with IE 9. Ha ha. Anyway thanks for your help guys...
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability