Hacker News new | past | comments | ask | show | jobs | submit login

This vulnerability is no longer unknown, though it is (to my knowledge) still unpatched. It is known not to be exploitable on IE7 with DEP enabled, so most IE instances should in fact be easy to lock down.



China and the USA both have access to the Windows and IE source code, correct? So presumably they have as many pre-0day vulnerabilities as are ever needed.


You're crazy if you think access to IE source code is anything more than a speed bump for vulnerability researchers. Microsoft code is among the easiest to reverse out in a disassembler, and they publish symbols.

In any case, this vulnerability looks remarkably straightforward. You could conceive of the fuzzer that might have found it. It would be an extremely clever fuzzer, but not an unprecedented one.


(I know very little about security research, which is readily apparent... should have phrased the second part of previous question as a comment as well)


Maybe, but you shouldn't get downvoted for it. ;)


How hard, or easy, is it to make a really secure browser while at the same time keeping all the jazz that makes say, GMail work?




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: