Posted by Karl Levinson, mvp on November 22, 2005, 9:11 pm
> I do not believe that there is real malicious code floating around for this,
> this has been a known issue since May.....I believe MS has marked it as low
> and as such did nothing about it....typical.

You left out the reason why: "The vulnerability targeted by the exploit was
originally announced in May as a stability issue resulting in the browser
closing."

There are tons of ways an attacker could cause IE or any other browser to
lock up or shut down, and little reason for an attacker to want to do so. I
do not at all blame Microsoft for putting this vulnerability on the back
burner as it was known in May.

Many vulnerabilities are not fixed right away because Microsoft cannot
reproduce the vuln, which is the first step towards writing a patch. If the
finder is not available to work with Microsoft on reproducing the vuln, that
makes the task harder.

I could be mistaken, but I understand there is code out there [at the
frsirt.com site for example] and that Microsoft has confirmed the code.
Some people have reported problems getting the exploit code to work,
suggesting my "Microsoft cannot fix what they cannot repro" theory could be
correct.