Why the Latest IE Flaw Proves Linux Got it Right From the Start
Dec 23, 2008, 18:31
(Other stories by David M Williams)
"While that doesn't tell us much, the knowledge base article (or
"KB") 960714 referenced does spill the beans.
"Fundamentally, it was discovered that program code -- of a
malicious person’s construction -- can be executed on your
computer, if a user views a specially crafted web page with IE.
"In particular, a rogue script can allocate a block of memory
(an array) then apparently release it without updating the array's
length, meaning that the block of memory still remains
preserved.
"Then, if data binding is enabled (which it is, by default), a
rogue web page can take advantage of an incorrect handling of
certain XML tags within IE to cause the browser to pass control to
the supposedly free memory location."