Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Microsoft: IE hole worse than reported
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Sat, 7 Dec 2002 10:37:21 -0500

http://news.com.com/2100-1001-976440.html?tag=fd_top

Microsoft on Friday raised its threat rating for a security flaw in its
Internet Explorer browser to "critical," in response to criticism of its
initial assessment of the hole's danger. 

A representative of Microsoft, which has come under fire for its
security policies, said the company had changed its original rating of a
flaw in IE versions 5.5 and 6 as a result of comments posted to the
Bugtraq online bulletin board by a security consultant. 

As previously reported by CNET News.com, Thor Larholm, a vulnerability
researcher with security consultancy Pivx Solutions questioned
Microsoft's "moderate" rating--issued Wednesday--in a Buqtraq forum
posting. 

"Microsoft has given this vulnerability a maximum severity rating of
moderate," Larholm wrote. "Great, so arbitrary command execution, local
file reading and complete system compromise is now only moderately
severe, according to Microsoft." 

...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • Microsoft: IE hole worse than reported Richard M. Smith (Dec 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]