[The security hole allows for] full blown remote code execution, ... If a user browses to a bad Web site, malicious software can be installed on their PC without their knowledge.

It's a pretty nasty flaw.

Microsoft obviously takes way too long to fix flaws, ... All researchers should follow responsible disclosure guidelines, but if a vendor like Microsoft takes six months to a year to fix a flaw, a researcher has every right to release the details.

I have been e-mailed a couple of times by people asking for an exploit. This tells me the Trojan writers are out there looking for something.

I'm guessing they are working on a patch. Who knows, though?

It's not like any other flaw in IE; it's definitely different.

The reason I released the [proof of concept] is so that other researchers like myself can check out the bug, and maybe there is possibly a variant of this flaw that can be exploited.