__/ [ B Gruff ] on Saturday 07 October 2006 14:44 \__
> On Saturday 07 October 2006 13:16 Erik Funkenbusch wrote:
>
>>> The vulnerability is confirmed on a fully patched system with
>>> Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions
>>> may also be affected.
>>
>> But apparently not IE7. Just goes to show that Microsoft is reducing the
>> risks with IE7.
>
> Reducing the risks?
> Come on now, Erik - is IE7 risk-free, or is it full of risks?
>
> Security is a binary thing, remember?
http://news.com.com/2100-1002_3-6034054.html?part=rss&tag=6034054&subj=news
"But browser testers may already be at risk, according to security researcher
Tom Ferris. Late Tuesday, Ferris released details of a potential security
flaw in IE 7. An attacker could exploit the flaw by crafting a special Web
page that could be used to crash the browser or gain complete control of a
vulnerable system, Ferris said in an advisory on his Web site. Microsoft had
no immediate comment on Ferris' alert."
|
|
