"Roland Schweiger" <roland_schweiger@web.de> wrote in news:hjl3o6$82d$1
@news.eternal-september.org:
> "DanS"
>
>> Warnings about vulnerabilities in s/w you may be using is worthless
>> information ?
>>
>> And this particular vulnerability has been around a long time and MS
>> already attempted to fix it twice, but didn't.
>
> It is plain theory - there is NOT ONE SINGLE documented case
> where this has actually happened.
It's not theory. There were two links that documented in excruciating
detail both of the previous fix attempts including what's required,
exactly, to do this exploit, and how all this applies to the browser
security model.....
http://www.coresecurity.com/content/ie-security-zone-bypass
> So i do regard it as worthless information, panic-making
> and utterly useless because to 99,9999999999% of people using ie8,
> this exploit will never apply and why should other browsers not also be
> exploitable?
Uh....Because it a different browser ? Let's see Adobe Acrobat Reader and
Foxit PDF Reader both read PDF files, but I've never seen a security
update for Foxit. Read the article linked above explaining exactly how
and why IE would be affected.