On Fri, 09 Oct 2009 12:09:08 +0200, Thierry Zoller said: > IMHO it generally is classified as remote. Some vendors call it > "user assisted remote arbitrary code execution" which, in my opinion > is just downplaying the issue - there are virtually unlimited means to > get somebody or something to open such a file some less assisted but > still exploiting the issue at hand. I concur with Thierry - the fact that one of the steps in the exploit is "get the user to click on it" does *not* mean the vendor can stick their head in the sand and claim it's not an issue. It just means the exploit will require a social engineering step as well as coding. If you think that it's hard to get users to run the program for you, consider that a very large community is making a lot of money sending users e-mail that says "please go to this web page and enter your userid, password, and credit card number so we can take all your money". Of course, they have to do a little work so it looks like it came from the victim's bank...
Attachment:
pgpJ9O6oMNdSN.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/