mailing list archives
Microsoft: IE hole worse than reported
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Sat, 7 Dec 2002 10:37:21 -0500
Microsoft on Friday raised its threat rating for a security flaw in its
Internet Explorer browser to "critical," in response to criticism of its
initial assessment of the hole's danger.
A representative of Microsoft, which has come under fire for its
security policies, said the company had changed its original rating of a
flaw in IE versions 5.5 and 6 as a result of comments posted to the
Bugtraq online bulletin board by a security consultant.
As previously reported by CNET News.com, Thor Larholm, a vulnerability
researcher with security consultancy Pivx Solutions questioned
Microsoft's "moderate" rating--issued Wednesday--in a Buqtraq forum
"Microsoft has given this vulnerability a maximum severity rating of
moderate," Larholm wrote. "Great, so arbitrary command execution, local
file reading and complete system compromise is now only moderately
severe, according to Microsoft."
Full-Disclosure - We believe in it.
- Microsoft: IE hole worse than reported Richard M. Smith (Dec 07)