[VIM] MS06-015 addresses older issue

Matthew Murphy mattmurphy at kc.rr.com
Tue Apr 11 20:04:59 EDT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Steven M. Christey wrote:
> FYI, the FAQ section for MS06-015 says: "Note The update for this
> vulnerability also addresses a publicly disclosed variation that has
> been assigned Common Vulnerability and Exposure number CVE-2004-2289."
> This stems from a Bugtraq post in May 2004.
> 
> - Steve
> 

Also interesting is this:

"This security update includes a Defense in Depth change which ensures
that prompting occurs consistently in Internet zone drag and drop
scenarios."

Sounds like a smooth-over of CVE-2005-3240.  My MSRC contact indicated
that they were treating this vulnerability as a Shell issue, so this
would not surprise me.

- --
"Social Darwinism: Try to make something idiot-proof,
nature will provide you with a better idiot."

                                -- Michael Holstein

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB5444D38

iD8DBQFEPEQrfp4vUrVETTgRA8koAJ4mK2UeiiYG+AaVBl6R15BCgehWfwCcDpNp
jxKePZqrB0GyWYVnVycKiE8=
=3cdM
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3436 bytes
Desc: S/MIME Cryptographic Signature
Url : http://www.attrition.org/pipermail/vim/attachments/20060411/633d5bb5/attachment.bin 


More information about the VIM mailing list