Tuesday, March 21, 2006

New bug can crash Internet Explorer

This is not just another in the seemingly unending stream of IE vulnerabilities. The talk on various security mailing lists and IRC channels makes this clear.

Secunia rates this fairly low, as do most other firms. Apparently, crashing the browser is all this flaw is capable of. Attackers evidently cannot execute arbitrary code, nor control the machine's operation using this flaw. Talk among my security-oriented friends has been decidedly "ho-hum" because of that. Further, they state that the limited ability of this flaw to be exploited and the limited reward for doing so is directly due to MS having exerted some real effort toward hardening IE. So if you think MS' security initiatives are just talk, think again.

I don't think it is my job to defend MS in this or much else, but credit where credit is due is only fair.


