Persistent Internet Explorer Vulnerability

  • Author: xnite
  • Date: 2013/09/24

Remember last year when I wrote about an Internet Explorer vulnerability which Pythorian & myself had discovered? Well, time for this to turn into a recurring nightmare!

[Image: Internet Explorer vulnerability in action]

Just tonight I was doing some checking up on this vulnerability and discovered that in Internet Explorer 10, when viewing a page in compatibility mode, malicious code can still be executed on a page which *SHOULD* render as plain text (and nothing more!).

No other web browser I have seen has had this flaw, and Microsoft promised a patch in IE 10. They delivered a partial patch, however, fixing the vulnerability only in the regular viewing mode. This makes me wonder what other patches have only been half delivered.

I recommend that, if you are aware of other vulnerabilities in IE which have been “patched”, you check those vulnerabilities in IE with compatibility mode turned on to see if they have been truly patched.

Robert Whitney