Comment Re:Misleading report (Score 3, Interesting) 305
This is not an IE bug. It is a
.Net bug in mscorie.dll. Mscorie.dll is not required by IE. (IE works just fine, so to speak, without .Net.)
Referece? The CVE description says:
Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 7 and 8 and possibly other products, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via multiple @import calls in a crafted document.