Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Microsoft

+ - Serious bug in unneeded feature:what's the point?

Submitted by mr_mischief
mr_mischief (456295) writes "Microsoft has a bulletin about a vulnerability for something called Vector Markup Language. Security Focus has one too.

Vector Markup Language was a proposed web standard that was passed on by the standards bodies and which was both subsumed and superseded by Scalable Vector Graphics.

Despite VML being passed over and another alternative being made a standard, Microsoft implemented it anyway. In the implementation there is a security problem that MS says can allow an attacker total control of a target system.

If it's nonstandard, duplicating functionality offered by a standard, and they can't be bothered to do it right the first time, perhaps they shouldn't preinstall it on millions of computers around the world. How could Microsoft actually get enough of an edge from undercutting a fairly widely implemented standard with a dangerous implementation that it is financially worthwhile for them? Wouldn't be better for them in the long run to just implement the standard, or is there some huge installed base of VML somewhere that I'm just missing?"

... though his invention worked superbly -- his theory was a crock of sewage from beginning to end. -- Vernor Vinge, "The Peace War"

Working...