[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Security Bug in MSVC

To: "ad@xxxxxxxxxxxxxxxx" <ad@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Security Bug in MSVC
From: Stan Bubrouski <stan.bubrouski@xxxxxxxxx>
Date: Tue, 17 Jan 2006 17:57:14 -0500

On 1/17/06, ad@xxxxxxxxxxxxxxxx <ad@xxxxxxxxxxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I think ms wont fixe any bug in vstudio, I have told them if they will
> fix the vs2005 issue published recently and they said me exactly what
> is on your support page:
>
> "Only open project files that come from trusted sources."
>

Yeah but hasn't it always been the case that you can execute pretty
much anything from a msvs project file anyways?

>
> or "Only open WMF files that come from trusted sources." would have
> been less effort than releasing a patch then lol :D
>

-sb
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Security Bug in MSVC
  - From: Morning Wood
- Re: [Full-disclosure] Security Bug in MSVC
  - From: ad@xxxxxxxxxxxxxxxx

Prev by Date: Re: [Full-disclosure] Oracle Reports - Read parts of files via customize(fixed after 875 days)
Next by Date: Re: [Full-disclosure] PC Firewall Choices
Previous by thread: Re: [Full-disclosure] Security Bug in MSVC
Next by thread: Re: [Full-disclosure] Security Bug in MSVC
Index(es):
- Date
- Thread