Re: [Full-disclosure] PIRS2007 local buffer overflow vulnerability
- To: "Full Disclosure" <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] PIRS2007 local buffer overflow vulnerability
- From: <edi.strosar@xxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 13 Jul 2007 18:49:59 -0400
Dear 3APA3A,
you are absolutely right. Overwriting EIP does not
necessarily mean that the application is exploitable.
Nor do we claim that in our advisory. So, technically
speaking, consider this a "bug" or "buffer overflow
condition" rather than a vulnerability.
Thank God for semantics :)
Edi Strosar
(TeamIntell)
-- On 7/13/07, 3APA3A <3APA3A@xxxxxxxxxxxxxxxx> wrote:
> Please explain why is this "vulnerability" and not "just
> the bug".
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/