[VIM] Vendor dispute for Animated Smiley Generator RFI (CVE-2006-6541)

Steven M. Christey coley at linus.mitre.org
Thu Feb 22 00:41:19 EST 2007


On Wed, 21 Feb 2007, security curmudgeon wrote:

> Curious how this came to be. Did someone add a vulnerability to a copy
> before sharing it and letting it circulate in the warez circles?

I'm pretty sure this wasn't the first, nor the last, case of a
vulnerability in a Trojaned warez product that wasn't in the legitimate
product (assuming the vendor dispute is correct).  Maybe some of our
disputes are actually assumintg legitimate distributions.

I don't think CVE should be tracking malicious modifications from
unofficial channels.  Now, if a product is trojaned at its legitimate
distribution point, that's of concern to consumers and gets a CVE.  But
modified warez falls under the malware category, for me anyway.  Would
OSVDB be interested in cataloging vulnerabilities in malware?  They're
technically vulnerabilities from the malware's point of view, after all
;-)

Gadi - any insights into warez backdoors?  I know I've run into one or two
PHP warez sites out there.

- Steve


More information about the VIM mailing list