Full Disclosure mailing list archives
Microsoft: IE hole worse than reported
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Sat, 7 Dec 2002 10:37:21 -0500
http://news.com.com/2100-1001-976440.html?tag=fd_top Microsoft on Friday raised its threat rating for a security flaw in its Internet Explorer browser to "critical," in response to criticism of its initial assessment of the hole's danger. A representative of Microsoft, which has come under fire for its security policies, said the company had changed its original rating of a flaw in IE versions 5.5 and 6 as a result of comments posted to the Bugtraq online bulletin board by a security consultant. As previously reported by CNET News.com, Thor Larholm, a vulnerability researcher with security consultancy Pivx Solutions questioned Microsoft's "moderate" rating--issued Wednesday--in a Buqtraq forum posting. "Microsoft has given this vulnerability a maximum severity rating of moderate," Larholm wrote. "Great, so arbitrary command execution, local file reading and complete system compromise is now only moderately severe, according to Microsoft." ... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Microsoft: IE hole worse than reported Richard M. Smith (Dec 07)