Internet Explorer 7

Photographs courtesy of Toby Watt - lawyer, friend and photographer extraordinaire...

Welcome to IE-Vista

Dedicated to providing advice and support to users of IE7 and IE8

Internet Explorer 7 Knowledge Base

General information
Reported IE7 weaknesses and vulnerabilities
Knowledge Base Articles
Additional articles
Resources
For developers and system administrators

Other pages on this site

Pre-installation advice
IE7 in a corporate environment
Tips for if you have trouble installing IE7
Troubleshooting Internet Explorer after installation
Problems with Web sites that use Add-ons (Active X controls)
Problems with Web sites that won't work with IE7

General troubleshooting tips
Adjust the size of your cache and delete your History and Cookies
Third party software interference
Try spoofing IE6
Try a different Web browser
Other issues
Problems with favorites not appearing in the Organise Favorites window
Third party applications

Uninstalling IE7

Please also review Known Issues

General information

Microsoft has released IE7 to the general public:
http://www.microsoft.com/windows/ie/downloads/default.mspx

IE7 has been released via Automatic Updates:
http://msmvps.com/blogs/spywaresucks/archive/2006/11/02/236985.aspx

Also, WSUS:
http://msmvps.com/blogs/spywaresucks/archive/2006/11/02/237331.aspx

As languages other than English are released, you will find them here:
http://www.microsoft.com/windows/ie/worldwide/default.mspx

More info about other languages here:
http://blogs.msdn.com/ie/archive/2006/10/18/ie7-for-the-world.aspx

A history of Internet Explorer, showing how far we have come, is here (an article of mine published August 25, 2005):
http://www.microsoft.com/windows/ie/community/columns/historyofie.mspx

In the past, installing Internet Explorer required downloading a "stub" that would then download and install Internet Explorer.

This behaviour has changed for IE7. As noted at this URL:
http://www.microsoft.com/technet/updatemanagement/windowsupdate/ie7announcement.mspx

"Automatic Updates will notify all such users (including those with Automatic Updates configured to automatically download and install updates) when Internet Explorer 7 has been downloaded and is ready to install."

Turn on the IE7 desktop shortcut in Windows Vista

Create a Reg file with the following text - merge with the registry:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
HideDesktopIcons\NewStartPanel]"{871C5380-42A0-1069-A2EA-08002B30309D}"=dword:00000000

You will need to refresh the desktop to see the shortcut (right click on desktop, select refresh).

Reported IE7 weaknesses and vulnerabilities

Vulnerability in Windows Animated Cursor Handling
http://www.microsoft.com/technet/security/advisory/935423.mspx

IE7 on Vista (when running with protected mode on) is not vulnerable. Note that if you have turned off UAC, you have also turned off Protected Mode for IE7.

This one is a problem. When IE7 loads a local resource (such as navcancel) and the URL includes a Web site, IE7 automatically removes the URL path of the local resource and leaves only a provided URL. This means that phishers could potentially spoof phishing sites.

Info here:
http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx

MSIE browser entrapment vulnerability

Ok, *this* vulnerability demo is good. Unlike other IE7 vulnerabilities that have been reported that resulted in weird behaviour that made it obvious to all but the most unobservant user that something weird is going on, this one is pretty much impossible to spot.

That being said, to take advantage of the vulnerability you're going to have to convince somebody to visit a hostile site, and then convince the visitor to manually type a URL into the addressbar instead of using a link or favorite to go to a page, limiting its effectiveness.

The worst vulnerabilities are the ones that require no user interaction, or require user action that is normal behaviour. Now, although it is 'normal behaviour' to type URLs into an addressbar under some circumstances, and it is normal that people are advised to do so, it must be remembered that they are advised to do so **instead of clicking hyperlinks in an email**, not when at a Web site.

The demonstration is here:
http://lcamtuf.coredump.cx/ietrap/

The Secunia advisory is here:
http://secunia.com/advisories/23014/

Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
(IE7 can be used as an infection vector)
http://msmvps.com/blogs/spywaresucks/archive/2006/11/05/247780.aspx

IE7 Window Injection "Vulnerability"
(By design behaviour that affects most Web browsers and operating systems)
http://msmvps.com/blogs/spywaresucks/archive/2006/10/30/228561.aspx

Internet Explorer 7 is stuck at the first run welcome page
http://msmvps.com/blogs/spywaresucks/archive/2006/10/19/188482.aspx

IE7 - will it be installed automatically on SBS2003 R2 systems running WSUS in its default configuration?
http://msmvps.com/blogs/spywaresucks/archive/2006/10/12/171459.aspx

Make HP Director software play nice with IE7:
http://msmvps.com/blogs/spywaresucks/archive/2006/10/22/197647.aspx

Fix: Problems with IE and NitroPDF:
http://msmvps.com/blogs/spywaresucks/archive/2006/10/21/193880.aspx

Keyboard shortcuts for IE7:
http://msmvps.com/blogs/spywaresucks/archive/2006/10/21/193626.aspx

Windows Search Guide in IE7
http://blogs.msdn.com/ie/archive/2006/10/23/windows-search-guide-in-ie7.aspx

Slow Start Up
http://www.enhanceie.com/ie/troubleshoot.asp

Resources

Microsoft Virtual Lab Express: Exploring New Functionality in Internet Explorer 7
http://www.microsoftvirtuallabs.com/express/registration.aspx?LabId=8070972c-f6fe-48f9-ad44-e5a1d1c785ea

Information Index for IE7
http://msdn.microsoft.com/ie/infoindex/default.aspx

Internet Explorer 7 Quick Reference Guide
http://blogs.msdn.com/ie/attachment/715071.ashx

EnhanceIE.com - Add-ons, Tweaks, Troubleshooting & more
http://www.enhanceie.com/ie/

IE7 Solutions Center
http://support.microsoft.com/ph/8722

For developers and system administrators

Internet Explorer Readiness Toolkit
http://www.microsoft.com/downloads/details.aspx?familyid=D13EE10D-2718-47F1-AA86-1E32D526383D&displaylang=en

Internet Explorer 7 Administration Kit
http://www.microsoft.com/technet/prodtechnol/ie/ieak/ieak7/default.mspx

ActiveX Security Improvements and Best Practices - MSDN
http://msdn.microsoft.com/library/en-us/IETechCol/cols/dnexpie/activex_security.asp?frame=true

Cascading Style Sheet (CSS) Compatibility in IE7
http://msdn.microsoft.com/library/en-us/IETechCol/cols/dnexpie/ie7_css_compat.asp?frame=true

Automatic Delivery of IE7 for IT Professionals
http://www.microsoft.com/technet/updatemanagement/windowsupdate/ie7announcement.mspx

User Agent String Utility v2
http://www.microsoft.com/downloads/details.aspx?familyid=9517db9c-3c0d-47fe-bd04-fad82a9aac9f

Fiddler User Agent strings & test
http://www.fiddlertool.com/useragent.aspx

Home Page

Who owns this site?

Contact Sandi

Breaking News

Manage IE using Group Policy

↑ Grab this Headline Animator

Internet Explorer 8

Activities

WebSlices

InPrivate Mode

Visual Search

Compatibility View

Safety Filter

Automatic Crash Recovery

Under Construction

Resources

Internet Explorer Community

IE7 Knowledge Base

Support - IE6 and earlier

In Depth Articles

Known issues - IE7

Tabbed Browsing

Quick Tabs

Tab Groups and multiple home pages

Phishing Filter

RSS

Printing improvements
Toolbars and buttons
Secure Sites

Searching

All about Favorites

Delete browsing history

Page Zoom

Under the Hood

Parental Controls

Improved security in Vista

Enter your search terms

Web www.ie-vista.com

Submit search form

© Sandi Hardmeier. No content may be reproduced without the express written permission of the author.
Last Updated: 17 December, 2008

Welcome to IE-Vista

Dedicated to providing advice and support to users of IE7 and IE8