Microsoft: IE hole worse than reported

["Richard M. Smith" <rms () computerbytesman com>]

http://news.com.com/2100-1001-976440.html?tag=fd_top

Microsoft on Friday raised its threat rating for a security flaw in its
Internet Explorer browser to "critical," in response to criticism of its
initial assessment of the hole's danger. 

A representative of Microsoft, which has come under fire for its
security policies, said the company had changed its original rating of a
flaw in IE versions 5.5 and 6 as a result of comments posted to the
Bugtraq online bulletin board by a security consultant. 

As previously reported by CNET News.com, Thor Larholm, a vulnerability
researcher with security consultancy Pivx Solutions questioned
Microsoft's "moderate" rating--issued Wednesday--in a Buqtraq forum
posting. 

"Microsoft has given this vulnerability a maximum severity rating of
moderate," Larholm wrote. "Great, so arbitrary command execution, local
file reading and complete system compromise is now only moderately
severe, according to Microsoft." 

...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html