In a previous blog post I mentioned that some of the new features in IE7 would likely becomes vectors for vulnerabilities. The recent Black Tuesday (Microsoft Patch Tuesday) security bulletins confirmed my initial suspicions. Three vulnerabilities in the .NET framework were patched this Tuesday two of which affect IE7.
As stated previously IE7 added support for .NET applications so that .NET applications could be run from within the web browser. The recent vulnerabilities are sure to encourage other vulnerability researchers to dig deeper and find more vulnerabilities in .NET. I would not be shocked to see a trend in .NET vulnerabilities emerge as more and more people learn about the framework and begin to figure out ways of testing the framework for vulnerabilities.
a blog about current security vulnerabilities and technical subjects in general