
Full Disclosure mailing list archives
Re: When is it valid to claim that a vulnerability leads to a remote attack?
From: Valdis.Kletnieks () vt edu
Date: Fri, 09 Oct 2009 07:34:58 -0400
On Fri, 09 Oct 2009 12:09:08 +0200, Thierry Zoller said:
> IMHO it generally is classified as remote. Some vendors call it "user assisted remote arbitrary code execution" which, in my opinion, is just downplaying the issue - there are virtually unlimited means to get somebody or something to open such a file, some less assisted but still exploiting the issue at hand.
I concur with Thierry - the fact that one of the steps in the exploit is "get the user to click on it" does *not* mean the vendor can stick their head in the sand and claim it's not an issue. It just means the exploit will require a social engineering step as well as coding.

If you think that it's hard to get users to run the program for you, consider that a very large community is making a lot of money sending users e-mail that says "please go to this web page and enter your userid, password, and credit card number so we can take all your money". Of course, they have to do a little work so it looks like it came from the victim's bank...