Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
For the out-of-band Slashdot experience (mostly headlines), follow us on Twitter, or Facebook. ×
Microsoft

+ - Serious bug in unneeded feature:what's the point?

mr_mischief writes: Microsoft has a bulletin about a vulnerability for something called Vector Markup Language. Security Focus has one too.

Vector Markup Language was a proposed web standard that was passed on by the standards bodies and which was both subsumed and superseded by Scalable Vector Graphics.

Despite VML being passed over and another alternative being made a standard, Microsoft implemented it anyway. In the implementation there is a security problem that MS says can allow an attacker total control of a target system.

If it's nonstandard, duplicating functionality offered by a standard, and they can't be bothered to do it right the first time, perhaps they shouldn't preinstall it on millions of computers around the world. How could Microsoft actually get enough of an edge from undercutting a fairly widely implemented standard with a dangerous implementation that it is financially worthwhile for them? Wouldn't be better for them in the long run to just implement the standard, or is there some huge installed base of VML somewhere that I'm just missing?

You can do this in a number of ways. IBM chose to do all of them. Why do you find that funny? -- D. Taylor, Computer Science 350

Working...