[VIM] Energizer DUO USB battery charger Issue

security curmudgeon jericho at attrition.org
Wed Mar 10 00:25:15 UTC 2010

I replied to Deapesh already, but since asked here:

: This is regarding the 'Energizer DUO USB battery charger' issue 
: (http://www.kb.cert.org/vuls/id/154421 and 
: http://osvdb.org/show/osvdb/62782)
: I am not sure as to why this is labeled as a vulnerability. Anyone care 
: to share their thoughts?
: Also why was a CVE ID released for this issue: CVE-2010-0103 ?

I noticed this was the first time other VDBs assigned it. We have an 
internal discussion going whether we should go back and add other cases of 
'certified pre-owned' (how we classify them and track on Attrition 

In short, it is a vulnerable software package being distributed by a 
company. Instead of an exploit to abuse a remote overflow, just happens to 
be much easier to exploit. But, it is still vulnerable software.

http://attrition.org/errata/cpo/ (not updated with a few recent ones, 
we're overhauling the pages)


