Browser Security News

Less than 24 hours after its final release, Internet Explorer 7 has been found to be vulnerable to an exploit dating back to November 2003, which was discovered affecting IE6 last April. The issue surrounds Microsoft’s handling of MIME HTML resources, security company Secunia said in an advisory.

The vulnerability apparently involves a very simple trick where a call to a MIME HTML, or MHTML, resource can trigger the running of an executable file, even with high-level security settings.

An MHTML resource is a "Web archive" of multiple elements, often including media and sometimes (though not preferably) executable files. Through Microsoft browsers, it’s addressed as a single resource with the extension .MHT. BetaNews | IE7 Final Vulnerable to Old Exploit