[Full-disclosure] PIRS2007 local buffer overflow vulnerability
edi.strosar at varnostne-novice.com
Fri Jul 13 23:49:59 BST 2007
Dear 3APA3A,
you are absolutely right. Overwriting EIP does not
necessarily mean that the application is exploitable.
Nor do we claim that in our advisory. So, technically
speaking, consider this a "bug" or "buffer overflow
condition" rather than a vulnerability.
Thank God for semantics :)
Edi Strosar
(TeamIntell)
-- On 7/13/07, 3APA3A <3APA3A at SECURITY.NNOV.RU> wrote:
> Please explain why is this "vulnerability" and not "just
> the bug".
Full-Disclosure is hosted and sponsored by Secunia.