Zero-day IE exploit

Zero-day IE exploit
Peter Laborge, 2005-11-22

Expand all | Post comment

Zero-day IE exploit 2005-11-22
Don Parker (1 replies)

Re: Zero-day IE exploit 2005-11-23
Dbtech

Zero-day IE exploit 2005-11-23
auris

Zero-day IE exploit 2005-11-23
Jerry M. Gartner

Zero-day IE exploit 2005-11-23
Bob (1 replies)

Re: Zero-day IE exploit 2005-11-23
Jason (1 replies)

Re: Zero-day IE exploit 2005-11-23
Anonymous (1 replies)

Re: Re: Zero-day IE exploit 2005-12-02
Anonymous

Yet another reason to switch to FireFox 2005-11-23
Mike (1 replies)

Re: Yet another reason to switch to FireFox 2005-11-25
Anonymous

Zero-day IE exploit - it doesn't work for me 2005-11-25
Morc (1 replies)

Re: Zero-day IE exploit - it doesn't work for me 2005-12-14
Anonymous

Not wanting to downplay the seriousness, but I wouldn't call it zero day 2005-11-29
Roger

We seem to be overly broadening the meaning of "zero day exploit" here. To me, a zero day exploit is one in which crackers are found to be actively exploiting the flaw on the same day it comes to public knowledge -- thus, it denotes a security crisis which requires immediate intervention.

What we have here is researchers revealing how to exploit the flaw on the same day (sort of) it becomes public knowledge. That is not the same thing. It is true that action is required urgently (if you are still silly enough to be using MSIE) because it will be fairly trivial to turn the PoC code into malicious code, but until we see an example in the wild, it ain't happened; on the n'th day, when it happens, you can call it a n-day exploit.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/newsbriefs/58/229#229

Zero-day? 2005-11-29
Anonous (1 replies)

Re: Zero-day? 2005-12-02
Anonymous

Putting users at risk 2005-12-14
Anonymous