Forgot your password?
typodupeerror
Microsoft

+ - Serious bug in unneeded feature:what's the point?

Submitted by mr_mischief
mr_mischief (456295) writes "Microsoft has a bulletin about a vulnerability for something called Vector Markup Language. Security Focus has one too.

Vector Markup Language was a proposed web standard that was passed on by the standards bodies and which was both subsumed and superseded by Scalable Vector Graphics.

Despite VML being passed over and another alternative being made a standard, Microsoft implemented it anyway. In the implementation there is a security problem that MS says can allow an attacker total control of a target system.

If it's nonstandard, duplicating functionality offered by a standard, and they can't be bothered to do it right the first time, perhaps they shouldn't preinstall it on millions of computers around the world. How could Microsoft actually get enough of an edge from undercutting a fairly widely implemented standard with a dangerous implementation that it is financially worthwhile for them? Wouldn't be better for them in the long run to just implement the standard, or is there some huge installed base of VML somewhere that I'm just missing?"

"Right now I feel that I've got my feet on the ground as far as my head is concerned." -- Baseball pitcher Bo Belinsky

Working...