Monday, April 24, 2006

Another Zero-Day Bug For Microsoft Internet Explorer

Microsoft's Internet Explorer, which was just patched with 10 fixes two weeks ago, suffers from yet another zero-day vulnerability that can be exploited remotely, security firm Symantec said Monday. In an alert to customers of its DeepSight threat system, Symantec cited a vulnerability first posted to the Bugtraq security mailing list by researcher Michal Zalewski, who notes that IE is prone to memory corruption because of the way it handles malformed HTML. HTML content that contains nestedtags without the corresponding closure tags, said Symantec's alert, can trigger the bug. "An attacker could exploit this issue via a malicious A fully-patched version of IE 6 for Windows More Here and don't forget about this exploit. Personaly, just ditch IE John C. Dvorak posits that nothing qualifies more as Microsoft's greatest blunder than Internet Explorer. Browser wars aside, the web browser from Redmond is the source of a great many of Microsoft's problems.

"All of Microsoft's Internet-era public-relations and legal problems (in some way or another) stem from Internet Explorer," Dvorak says. "If you were to put together a comprehensive profit-and-loss statement for IE, there would be a zero in the profits column and billions in the losses column—billions." Dvorak suggests that Microsoft's ongoing obsession with the browser is bad business and that it should yank Internet Explorer out of OS and immediately cease development. "People will not stop buying Microsoft Windows if there is no built-in browser. Opera and/or Firefox can be bundled with the OS as a courtesy, and all the defaults can lead to Microsoft.com if need be," he says, going on to note what we all know to be true: it'll never happen, and Microsoft "will forever be plagued by its greatest blunder ever."


Post a Comment

Links to this post:

Create a Link

<< Home