
Supposedly this vulnerability was known in IE6 months ago and somehow made it into IE7. Odd. Personally, I think IE7 vulnerabilities are of limited overall risk while the user-base remains small. Several months from now it’ll be a different story when migration is in full swing. As security researchers and hardcore fraudsters become familiar with the product internals the risk profile will change. The problem is while IE7 is probably far more secure than its predecessor, less bugs = good, this does not necessarily mean less risky for users.
3 comments:
Actually, it looks like this was found back in april.. and never patched.. and forgotten..
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2111
http://www.osvdb.org/25073
i guess that giant is only pretending to be asleep
and lol, it looks like i posted to the wrong blog >.> .. now i see why people choose to sleep daily rather than every other ^^
i wouldn't be surprised though if phishing sites have been using it for the past 6 months
and now i nap ..
hehe. I don't mind. :) Have a good sleep. ZZZZzzzzz
Post a Comment