Holy Cow, Sunbelt Doesn’t Pile on MS

Its posts like this that keep Sunbelt in the list of blogs I read regularly. In the post they explain why a recent security writers claim “IE7 is still the spyware writers dream” is actually hype.
The vulnerability is that if the bad guy has write access to your computer, he can get a dll run by IE7 because they are not requiring FQDNs to load a dll. While this might make it tougher to clean your computer, the bad guy must already have infected your computer to have write access. This is not like the WMF exploit or all the bad activeX controls that were in previous IE versions.