[VIM] FALSE -> DynamicPAD HomeDir RFI

Steven M. Christey coley at linus.mitre.org
Tue May 8 17:31:17 UTC 2007


On Tue, 8 May 2007, str0ke wrote:

> I don't have the source code to go back over 1.02 but it did seem
> vulnerable before.

There seems to be an unfortunate habit by some researchers where they'll
test an older version (maybe live on a site somewhere) and just assume the
latest version is vulnerable, and report the latest version.  Yet another
painful part of the dispute process.  When I do a dispute, I try to get
some older source code just in case of these researcher errors, but of
course that's not always feasible and it usually doesn't pay off.

- Steve


More information about the VIM mailing list