networkworld.com — Security researcher Aviv Raff has published code that would allow someone to take control of a computer running Internet Explorer, but there's a catch. He's not saying exactly where he's hidden the attack. "Somewhere in my blog, I embedded a proof-of-concept code which exploits this 0day vulnerability," Raff wrote.
May 7, 2008 View in Crawl 4
jeriqoMay 9, 2008
Digg users are full of frustration and jealousy, this is not surprising at all.
dustmuffinsMay 9, 2008
"Sweet jesus! It's getting closer!"
danboodroMay 9, 2008
"When triggered, Raff's proof-of-concept code launches two copies of Microsoft's calculator software on the victim's computer, but it could be altered to do something malicious."Divide by zero?
wallyhartshornMay 9, 2008
If you RTFA (*gasp*), you will see that he isn't keeping this a secret. He had already told Microsoft about the vulnerability, but after waiting a few days with no response, he decided to semi-publish the exploit as a way to put pressure on Microsoft to fix it more quickly.From RTFA:When he has followed Microsoft's responsible disclosure guidelines in the past, the company has been too slow to fix bugs, he said via instant message. "The last time I used their Responsible Disclosure policy it took them six months to fix one line of code."He says that he will be publishing details of the exploit on Wednesday.
luchidMay 9, 2008
Daok: market share for IE means NOTHING. Of course it's going to have the biggest market share, it's f**king shoved down everyone's throat, bundled in with Windows!
daokMay 9, 2008
FF is bundle with Ubuntu... Linux do the same... what's wrong?
lubinskiMay 12, 2008
Sorry wrong wording. Let me substitute in Microsoft. My Bad. They do have to be more agile though.