Security Hero Rotating Header Image

When is it valid to claim that a vulnerability leads to a remote attack?

Re: When is it valid to claim that a vulnerability leads to a remote attack?

Posted by Thierry Zoller on Oct 10

Hi Dan,

DK> There are a substantial number of file formats that are code-execution

DK> equivalent with no exploits necessary — .exe, .com, .bat, etc. You thus

DK> can’t say that an executed file must not execute code, because there’s no

DK> way for the user to know whether a file on his desktop is an .exe or

DK> something else.

Maybe I misunderstand what you are saying but – Isn’t the point in this

case is that running binary…

URL: http://seclists.org/fulldisclosure/2009/Oct/148

Leave a Reply

Powered by WP Hashcash

Spam Protection by WP-SpamFree

Bad Behavior has blocked 463 access attempts in the last 7 days.