Hey George, Looks like 43257 has some of the facts incorrect too. We will retire that one shortly as a duplicate. Thanks, Rob George A. Theall wrote: > It looks like Bugtraq IDs 42539 and 43257 are covering the same > vulnerability -- a SQL injection involving the cid parameter of shop.htm > in PPScript. > > Rob? > > > George -- Rob Keith Symantec