This has to be some kind of a record. Microsoft’s alleged Firefox-killer IE7 has been out for less than 24 hours and someone’s found a vulnerability in it. Wasn’t IE7 supposed to fix all the horrible uncorrected security flaws that lurked in IE6?
On the plus side, the vulnerability isn’t terribly easy to exploit; it’s not going to lead to worms or botnets. On the negative side, this is an old and never-corrected IE6 vulnerability that somehow ended up in IE7 as well, so MS really have no excuse for this one.
This is likely to be terribly embarrassing for MS. I hope there aren’t a pile of other such problems lurking in the shadows. For one thing, we were all looking to IE7 as a beacon of MS’s new “secure coding practices”, and if it turns out to be as bad as IE6 then it doesn’t look good at all for Vista when it finally arrives.