[VIM] MS06-015 addresses older issue
mattmurphy at kc.rr.com
Tue Apr 11 20:04:59 EDT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Steven M. Christey wrote:
> FYI, the FAQ section for MS06-015 says: "Note The update for this
> vulnerability also addresses a publicly disclosed variation that has
> been assigned Common Vulnerability and Exposure number CVE-2004-2289."
> This stems from a Bugtraq post in May 2004.
> - Steve
Also interesting is this:
"This security update includes a Defense in Depth change which ensures
that prompting occurs consistently in Internet zone drag and drop
Sounds like a smooth-over of CVE-2005-3240. My MSRC contact indicated
that they were treating this vulnerability as a Shell issue, so this
would not surprise me.
"Social Darwinism: Try to make something idiot-proof,
nature will provide you with a better idiot."
-- Michael Holstein
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3436 bytes
Desc: S/MIME Cryptographic Signature
Url : http://www.attrition.org/pipermail/vim/attachments/20060411/633d5bb5/attachment.bin
More information about the VIM