Persistent Internet Explorer Vulnerability

  • Author: xnite
  • Date: 2013/09/24

Remember last year when I wrote about an Internet Explorer vulnerability which Pythorian and I had discovered? Well, time for this to turn into a recurring nightmare!

Just tonight I was doing some checking up on this vulnerability and discovered that in Internet Explorer 10, when viewing a page in compatibility mode, malicious code can still be executed on a page which *SHOULD* render as plain text (and nothing more!).

No other web browser I have seen has had this flaw, and Microsoft promised a patch in IE 10. They delivered a partial patch, however, fixing the vulnerability only in the regular viewing mode. This makes me wonder what other patches have only been half delivered.

I recommend that, if you are aware of other vulnerabilities in IE which have been “patched”, you check those vulnerabilities in IE with compatibility mode turned on to see if they have been truly patched.

