* Posts by skymt

1 publicly visible post • joined 16 Dec 2008

MS issues brown alert over unpatched IE 7 flaw

skymt
Stop

re: So, Microsoft...

You know this vulnerability is a buffer overflow, right? It has nothing to do with ActiveX or any sort of OS integration. It's simple code injection and execution, which can happen (and has happened) with any browser, even Firefox.

re: Steven Snape

That's what security zones are for. All Microsoft needs is a simpler UI around them, one that doesn't require going into the settings dialog to add a domain to a white/blacklist. Not that they would have prevented this bug (AFAIK it's in the parser, and exploitable without ActiveX or JavaScript), but they would be generally useful.