On Tue, 20 Nov 2007 04:34:08 +0000, Roy Schestowitz wrote:
> The fine line Between Security and Usability
>
> ,----[ Quote ]
>| Another issue which came to light last week may pose more of a problem for
>| business and home users, especially given that Microsoft acknowledged to the
>| discoverer that they would not be patching the remote code execution
>| vulnerability that he had reported -
>|
>| "Microsoft replied me that they would not fix this vulnerability, it looks
>| like they will not acknowledge vulnerabilities which are from .mdb file".
>|
>| [...]
>|
>| As far as JET .mdb files go, it seems that Microsoft has deprecated the
>| technology somewhat, but it still continues to be supported by the latest
>| versions of Access (Access 2007).
> `----
>
> http://www.beskerming.com/commentary/2007/11/19/304/The_fine_line_Between_Security_and_Usability
This is simply ridiculous.
How, pray tell, does the attacker get the target machine to install the
exploited mdb file on the server in the first place? You have to be an
administrator to make it a remotely exploitable vulnerability in the first
place, which means you would alrady be able to remotely access it as an
administrator.
It's a stupid argument.
|
|
