pstotext: remote execution of arbitrary code
Posted Mar 30, 2006 10:11 UTC (Thu) by nix
Parent article: pstotext: remote execution of arbitrary code
If that's a remote execution vulnerability, then so is *anything*.
I'd rather that 'remote execution' be reserved for cases where the vulnerable application is directly involved in reception of messages from remote sources. It's widely-known that once you've got in via some other attack vector (e.g. the social-engineering attack mentioned here), then local vulnerabilities become significant, but that doesn't make all local vulnerabilities remote ones as well.
to post comments)