Where is the IE zero day exploit in the news...

Has anyone notice that there is not a single meantion of the latest IE vuln
in the news (popular news sites like cnn, yahoo, bbc, etc)???

Imhotep

Imhotep

Imhotep wrote:

> Has anyone notice that there is not a single meantion of the latest IE
> vuln in the news (popular news sites like cnn, yahoo, bbc, etc)???
>
> Imhotep

....still waiting for popular news sites to carry the article. Could it be
that MS is putting on the pressure not to carry the article, in popular
news sites, UNTIL there is a fix? Could it be that they are trying to
prevent more IE to Firefox converts? Say it ain't so....say it ain't so....


Imhotep

Imhotep

Imhotep wrote:
> Has anyone notice that there is not a single meantion of the
> latest IE vuln in the news (popular news sites like cnn, yahoo,
> bbc, etc)???

Imhotep wrote:
> ...still waiting for popular news sites to carry the article. Could
> it be that MS is putting on the pressure not to carry the article,
> in popular news sites, UNTIL there is a fix? Could it be that they
> are trying to prevent more IE to Firefox converts? Say it ain't
> so....say it ain't so....

....

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

Shenan Stanley

"Imhotep" <> wrote in message
news:WdqdnaASvKUDahTeRVn-...

>> Has anyone notice that there is not a single meantion of the latest IE
>> vuln in the news (popular news sites like cnn, yahoo, bbc, etc)???

> ...still waiting for popular news sites to carry the article. Could it be
> that MS is putting on the pressure not to carry the article, in popular
> news sites, UNTIL there is a fix? Could it be that they are trying to
> prevent more IE to Firefox converts? Say it ain't so....say it ain't
> so....

This vulnerability affects Firefox as well. So it's not really an "IE
vuln."

http://xforce.iss.net/xforce/xfdb/20783

karl levinson, mvp

karl levinson, mvp wrote:

>
> "Imhotep" <> wrote in message
> news:WdqdnaASvKUDahTeRVn-...
>
>>> Has anyone notice that there is not a single meantion of the latest IE
>>> vuln in the news (popular news sites like cnn, yahoo, bbc, etc)???
>
>> ...still waiting for popular news sites to carry the article. Could it be
>> that MS is putting on the pressure not to carry the article, in popular
>> news sites, UNTIL there is a fix? Could it be that they are trying to
>> prevent more IE to Firefox converts? Say it ain't so....say it ain't
>> so....
>
> This vulnerability affects Firefox as well. So it's not really an "IE
> vuln."
>
> http://xforce.iss.net/xforce/xfdb/20783


Nice try but it does not allow remote code execution from some web site
somewhere....

With IE you can visit a web site and lose control of your PC...

Enough said.

Oh and MS has known about this for how long? Since May? Granted it was
listed as a DOS but still, it has been how many months?

Imhotep

Imhotep

"karl levinson, mvp" <> writes:


>"Imhotep" <> wrote in message
>news:WdqdnaASvKUDahTeRVn-...

>>> Has anyone notice that there is not a single meantion of the latest IE
>>> vuln in the news (popular news sites like cnn, yahoo, bbc, etc)???

>> ...still waiting for popular news sites to carry the article. Could it be
>> that MS is putting on the pressure not to carry the article, in popular
>> news sites, UNTIL there is a fix? Could it be that they are trying to
>> prevent more IE to Firefox converts? Say it ain't so....say it ain't
>> so....

>This vulnerability affects Firefox as well. So it's not really an "IE
>vuln."

>http://xforce.iss.net/xforce/xfdb/20783

From that page
"It is reported that this vulnerability could be exploited to cause a
denial of service on Firefox and Opera Web browsers, but remote code
execution is not possible."

I would say that remote code execution is far worse than crashing the
browser.

Unruh

Unruh wrote:

> "karl levinson, mvp" <> writes:
>
>
>>"Imhotep" <> wrote in message
>>news:WdqdnaASvKUDahTeRVn-...
>
>>>> Has anyone notice that there is not a single meantion of the latest IE
>>>> vuln in the news (popular news sites like cnn, yahoo, bbc, etc)???
>
>>> ...still waiting for popular news sites to carry the article. Could it
>>> be that MS is putting on the pressure not to carry the article, in
>>> popular news sites, UNTIL there is a fix? Could it be that they are
>>> trying to prevent more IE to Firefox converts? Say it ain't so....say it
>>> ain't so....
>
>>This vulnerability affects Firefox as well. So it's not really an "IE
>>vuln."
>
>>http://xforce.iss.net/xforce/xfdb/20783
>
> From that page
> "It is reported that this vulnerability could be exploited to cause a
> denial of service on Firefox and Opera Web browsers, but remote code
> execution is not possible."
>
> I would say that remote code execution is far worse than crashing the
> browser.

....thanks. That is exactly what I have been trying to say...

Im

Imhotep

"Imhotep" <> wrote in message
news: ...

> >>This vulnerability affects Firefox as well. So it's not really an "IE
> >>vuln."
> >
> >>http://xforce.iss.net/xforce/xfdb/20783
> >
> > From that page
> > "It is reported that this vulnerability could be exploited to cause a
> > denial of service on Firefox and Opera Web browsers, but remote code
> > execution is not possible."
> >
> > I would say that remote code execution is far worse than crashing the
> > browser.
>
> ...thanks. That is exactly what I have been trying to say...

No, what you've been trying to say is that Microsoft was severely in error
and should not have rated this as "low" when it was "only a denial of
service." But that's the opposite of what the two of you are saying now
when considering the exact same vulnerability affecting Firefox, that it's
OK to minimize the Firefox vuln as being "just a denial of service." There
are two different viewpoints being expressed here that are inconsistent with
each other. If the Firefox vuln is "only a denial of service," then the IE
vuln has only been a known remote code execution vuln for a week or so, not
six months.

Microsoft is being faulted here for not notifying customers [although it
has]. I couldn't find anything on the Firefox web site about this. Not
only haven't they patched this, they haven't notified customers like
Microsoft has. Presumably they're still testing and reproducing the
vulnerability. Which goes back to what I was saying about not assuming that
Microsoft can necessarily always repro a vuln overnight when a finder
refuses to give them all the details.

Karl Levinson, mvp

"Karl Levinson, mvp" <> writes:


>"Imhotep" <> wrote in message
>news: m...

>> >>This vulnerability affects Firefox as well. So it's not really an "IE
>> >>vuln."
>> >
>> >>http://xforce.iss.net/xforce/xfdb/20783
>> >
>> > From that page
>> > "It is reported that this vulnerability could be exploited to cause a
>> > denial of service on Firefox and Opera Web browsers, but remote code
>> > execution is not possible."
>> >
>> > I would say that remote code execution is far worse than crashing the
>> > browser.
>>
>> ...thanks. That is exactly what I have been trying to say...

>No, what you've been trying to say is that Microsoft was severely in error
>and should not have rated this as "low" when it was "only a denial of
>service." But that's the opposite of what the two of you are saying now
>when considering the exact same vulnerability affecting Firefox, that it's
>OK to minimize the Firefox vuln as being "just a denial of service." There

I never said anything like that. I said that remote code execution is much
worse than denial of service and I still stand by that.

>are two different viewpoints being expressed here that are inconsistent with
>each other. If the Firefox vuln is "only a denial of service," then the IE
>vuln has only been a known remote code execution vuln for a week or so, not
>six months.

And I said "only denial of service" where?


>Microsoft is being faulted here for not notifying customers [although it
>has]. I couldn't find anything on the Firefox web site about this. Not
>only haven't they patched this, they haven't notified customers like
>Microsoft has. Presumably they're still testing and reproducing the
>vulnerability. Which goes back to what I was saying about not assuming that
>Microsoft can necessarily always repro a vuln overnight when a finder
>refuses to give them all the details.

6 months sounds a bit extreme however. You must live at the north pole or
south pole, for that to be overnight.

Unruh

"Unruh" <unruh-> wrote in message
news:dmflb8$2fa$...

> I never said anything like that. I said that remote code execution is much
> worse than denial of service and I still stand by that.

That's not in dispute.

>>are two different viewpoints being expressed here that are inconsistent
>>with
>>each other. If the Firefox vuln is "only a denial of service," then the
>>IE
>>vuln has only been a known remote code execution vuln for a week or so,
>>not
>>six months.
>
> And I said "only denial of service" where?

Check the message headers. I wasn't responding to you.

>>Microsoft is being faulted here for not notifying customers [although it
>>has]. I couldn't find anything on the Firefox web site about this. Not
>>only haven't they patched this, they haven't notified customers like
>>Microsoft has. Presumably they're still testing and reproducing the
>>vulnerability. Which goes back to what I was saying about not assuming
>>that
>>Microsoft can necessarily always repro a vuln overnight when a finder
>>refuses to give them all the details.
>
> 6 months sounds a bit extreme however. You must live at the north pole or
> south pole, for that to be overnight.

Or, perhaps they rated it as low priority because it was "only a denial of
service."

karl levinson, mvp