__/ [ Rex Ballard ] on Saturday 07 October 2006 16:15 \__
> Erik Funkenbusch wrote:
>> On Sat, 7 Oct 2006 13:38:59 +0200, Roy Culley wrote:
>>
>> > begin risky.vbs
>> > <1tic4v676amwh.dlg@xxxxxxxxxxxxxxx>,
>> > Erik Funkenbusch <erik@xxxxxxxxxxxxxxxxxxxxxx> writes:
>> >>> http://hackersblog.itproportal.com/?p=352
>> >>
>> >> I dunno, I went to the test page, and clicked the button, and it
>> >> didn't crash my browser. I'm running IE7 RC1. The only thing that
>> >> happened was it asked me to run an unsafe ActiveX control, which I
>> >> didn't do.
>> >
>> > http://secunia.com/advisories/22159/
>> >
>> > Successful exploitation allows execution of arbitrary code.
>> >
>> > NOTE: Exploit code is publicly available.
>> >
>> > The vulnerability is confirmed on a fully patched system with
>> > Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions
>> > may also be affected.
>>
>> But apparently not IE7. Just goes to show that Microsoft is reducing the
>> risks with IE7.
>
> Yep. Another PERFECT example of Microsoft's "strategic" management of
> fixes, designed to force-feed us new products designed to displace
> competitor products.
>
> Strategy here:
> FireFox is getting huge market share, up to 30% by some estimates.
> IE6 can't compete
> Force everybody to upgrade to IE7 by NOT fixing the bug in IE6
> Then make all comparisons between IE7 and FireFox.
>
> Or maybe just put little changes to critical libraries used by IE7 that
> make FireFox a little "buggy" (after all, it still has to call some of
> Microsoft's library routines).
>
> But of course we have to wait a while.

Internet Explorer 7 will be delivered as a "high priority" security update
(yes, to XP users who already have Firefox). The antitrust folks need to
wake up. The 'update' system is being misused; instead, it's used as a
marketing tool which hurts rivals. As Vista will fail to sell, it's
potentially more anti-competitive than the bundling of IE in /subsequent/
versions of Windows in order to combat Netscape.

Best wishes,

Roy

--
Roy S. Schestowitz | Linux: stop maintenance; get more actual work done
http://Schestowitz.com | Free as in Free Beer ¦ PGP-Key: 0x74572E8E
Load average (/proc/loadavg): 1.01 1.04 1.02 1/149 1604
http://iuron.com - semantic search engine project initiative