Michael Sutton
Michael Sutton
apply code developers entire good level pieces relying security shared testing using writes
There's always code reuse in development, which is a good thing. No one writes an entire application from scratch. But if you're using someone else's code, you're relying on the security of that code. Developers need to apply the same level of security testing to those shared pieces as they do to their own code.
creative exists explorer internet leverage nobody publishing pulls somebody sure
The vulnerability still exists in Internet Explorer in that it's very lenient in how it pulls CSS, but right now nobody is publishing a way that it can be leveraged to do something useful. That's not to say that somebody won't find a way. I'm sure somebody will come up with a creative way to leverage it to do something evil.
code followed handle libraries media portions seems sure surprise
It seems like there is some flaky code in portions of the libraries that handle the WMF files. It wouldn't surprise me if we see more vulnerabilities emerge, which I am sure will be followed by more media coverage.
degree draw easy file full further hard leverage malicious people relatively site social takes web
This is relatively easy to exploit. It takes some degree of social engineering -- the attacker would have to draw people to a malicious Web site -- but after that, there's no further intervention required. An attacker could leverage this to write to a file on the hard drive. And once you can write to a person's machine, you have full control.
canned default include vulnerable
A DLL is canned functionality, so if you include a vulnerable DLL in an application, that application is by default vulnerable.