[VIM] macromedia annoying wording/reference
mattmurphy at kc.rr.com
Mon Dec 26 21:48:32 UTC 2005
-----BEGIN PGP SIGNED MESSAGE-----
security curmudgeon wrote:
> iDefense JWS Denial of Service Vulnerability
It appears that the error is on the part of Adobe. iDEFENSE's JRun 4
links to that specific advisory. They are talking about the same issue,
Indeed, the terminology is annoying, but it appears Adobe extrapolated
"Although this vulnerability allows a stack overwrite, it may be more
difficult to exploit due the input string being converted into a 'wide
character' version of the str input, by placing a null byte between
each character. While this does not necessarily prevent exploitation, it
does increase the complexity of developing an exploit.
Exploitation of this vulnerability may allow a remote attacker to
execute code on the affected system as Local System, allowing complete
compromise, or cause a denial of service against the affected system,
preventing legitimate use."
to mean that the issue was not practically exploitable. This is
more-than-likely wrong, as Unicode overflows have been extensively
researched and found to be exploitable in most cases where ANSI
The terminology certainly is annoying. More frustrating is the obvious
downplay being done by Adobe. But, given Adobe's history of suing
researchers (or having them arrested) for cracking its lousy DRM on PDFs
and eBooks, no surprise there on my part.
"Social Darwinism: Try to make something idiot-proof,
nature will provide you with a better idiot."
-- Michael Holstein
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3436 bytes
Desc: S/MIME Cryptographic Signature
Url : http://www.attrition.org/pipermail/vim/attachments/20051226/ecf6e3b2/attachment.bin
More information about the VIM