[27901] in bugtraq
MS02-064 fix time
daemon@ATHENA.MIT.EDU (David Litchfield)
Sat Nov 16 18:47:23 2002
Message-ID: <002101c28be3$9762d930$2501010a@ngssoftware.com>
From: "David Litchfield" <david@ngssoftware.com>
To: <bugtraq@securityfocus.com>
Date: Thu, 14 Nov 2002 13:41:53 -0000
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
MS02-064 discusses a vulnerability where clicking on start->run can lead to
an unsuspecting user running another (malicious) user's trojan.
I warned MS of this back in on September 6th 1999 whilst 2k was still in
BETA (See the bottom of the following mail)
http://security-archive.merton.ox.ac.uk/bugtraq-199909/0145.html
I wonder if this is the longest time it has taken for a "fix" to be made
public after disclosure?
David Litchfield
