[VIM] MS06-015 addresses older issue
Matthew Murphy
mattmurphy at kc.rr.com
Tue Apr 11 20:04:59 EDT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Steven M. Christey wrote:
> FYI, the FAQ section for MS06-015 says: "Note The update for this
> vulnerability also addresses a publicly disclosed variation that has
> been assigned Common Vulnerability and Exposure number CVE-2004-2289."
> This stems from a Bugtraq post in May 2004.
>
> - Steve
>
Also interesting is this:
"This security update includes a Defense in Depth change which ensures
that prompting occurs consistently in Internet zone drag and drop
scenarios."
Sounds like a smooth-over of CVE-2005-3240. My MSRC contact indicated
that they were treating this vulnerability as a Shell issue, so this
would not surprise me.
- --
"Social Darwinism: Try to make something idiot-proof,
nature will provide you with a better idiot."
-- Michael Holstein
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB5444D38
iD8DBQFEPEQrfp4vUrVETTgRA8koAJ4mK2UeiiYG+AaVBl6R15BCgehWfwCcDpNp
jxKePZqrB0GyWYVnVycKiE8=
=3cdM
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3436 bytes
Desc: S/MIME Cryptographic Signature
Url : http://www.attrition.org/pipermail/vim/attachments/20060411/633d5bb5/attachment.bin
More information about the VIM
mailing list