1 March 2007
Two flaws were discovered in Windows Vista and Internet Explorer 7.
Both were uncovered by FrSIR (French Security Incident Response Team) that rates them as "low risk". The Vista vulnerability is in a component that doesnít validate user privileges correctly and it allows attacker to steal personal data form PC. It also affects Windows XP, 2000 and Windows Server 2003.
The IE7 flaw is caused by errors in handling some "on unload" events. Cybercriminals could use it to trick user into visiting malicious website. The vulnerability is also exploitable in IE6. Microsoft hasnít published patches yet.