Internet Explorer 7 Gets Patched, But Not By Microsoft
The Redmond company has yet to deliver a patch for the URI vulnerability found in Internet Explorer 7, reason enough for a security researcher to launch am unofficial patch of its own.
October 17, 2007
The vulnerability only affect computers running Windows XP and Windows Server 2003. Basically, if a user clicks on a malicious link and uses Internet Explorer 7, his PC could be completely compromised.
The fix is 16KB large and can be downloaded from here. However, be advised that while the update might patch the flaw, it might also open a Padora's box of computer problems. The warning issued by the creator basically spells that you are a daring person if you choose to install his software:
“The present patch is dramatically under-tested and it has undergone no quality assurance procedure whatsoever, so please deploy with the greatest care. It has a very good chance of misbehaving and making your system unusable; should this happen, rebooting in safe mode with command prompt might make it possible to uninstall it, or it might as well not.”
The researcher adds that his fix prevents the execution of malformed URLs and enforces normalization of valid URL. As it follows, it is most-likely to interfere “to the point of unusability” with programs registering custom URL schemes, given the fact that such software might lack support for normalized URLs.