On Thu, 02 Feb 2006 01:40:37 +0000, Roy Schestowitz wrote:
> "But browser testers may already be at risk, according to security researcher
> Tom Ferris. Late Tuesday, Ferris released details of a potential security
> flaw in IE 7. An attacker could exploit the flaw by crafting a special Web
> page that could be used to crash the browser or gain complete control of a
> vulnerable system, Ferris said in an advisory on his Web site. Microsoft had
> no immediate comment on Ferris' alert."
This turns out to be an overstatement. Microsoft says that they had
already found the problem via their internal audits and that while the
browser can be crashed it wasn't capable of remote code execution.