FYI, in cases like the recent integer overflows in compilers handling the "i>sizeof(int)" expression, you can't know ahead of time whether the affected applications are locally or remotely exploitable. I've started using the phrase "context-dependent" to handle these cases. Libraries are also likely to have context-dependent attack vectors.

- Steve