Re: When is it valid to claim that a vulnerability leads to a remote attack?
Posted by Thierry Zoller on Oct 10
Hi Dan,
DK> There are a substantial number of file formats that are code-execution
DK> equivalent with no exploits necessary — .exe, .com, .bat, etc. You thus
DK> can’t say that an executed file must not execute code, because there’s no
DK> way for the user to know whether a file on his desktop is an .exe or
DK> something else.
Maybe I misunderstand what you are saying but – Isn’t the point in this
case is that running binary…