I have been e-mailed a couple of times by people asking for an exploit. This tells me the Trojan writers are out there looking for something.
Tom Ferris
I am walking a fine line, but I am doing it very carefully because I am not disclosing actual vulnerability details,.. I do this to inform users that flaws still do exist in IE..I don't like it that Microsoft tries to give users a nice warm feeling that they are disclosing everything researchers report to them.
walking nice flaws feeling exist vulnerability give details
Microsoft obviously takes way too long to fix flaws,.. All researchers should follow responsible disclosure guidelines, but if a vendor like Microsoft takes six months to a year to fix a flaw, a researcher has every right to release the details.
flaws responsible details
The reason I released the [proof of concept] is so that other researchers like myself can check out the bug, and maybe there is possibly a variant of this flaw that can be exploited.
reason
It's a pretty nasty flaw.
pretty
It's not like any other flaw in IE?it's definitely different.
I'm guessing they are working on a patch. Who knows, though?
patch working
people writers times
[The security hole allows for] full blown remote code execution,.. If a user browses to a bad Web site, malicious software can be installed on their PC without their knowledge.
security knowledge bad execution code software
You must log in to post a comment.
There are no comments yet.