* Andres Salomon (firstname.lastname@example.org) [010918 17:40]: > My point is, it's not a daemon, it's not associated w/ any type of network > service, it's not associated w/ any clients that regularly receive untrusted > data from outside sources, and it's not even used by default on most > people's boxes (less, if installed, will be used instead of most by default). > > If you're going to associate a vulnerability in something like most as > being remotely exploitable, at least explain it a bit. I have most I think the key is in "when viewing a malicious file ... could enable most to execute arbitrary code being able to compromise the users environment." Now, since people may use most to view email, which may come from remote sites, this can be considered a remote exploit. -- Vineet http://www.anti-dmca.org Unauthorized use of this .sig may constitute violation of US law. echo Qba\'g gernq ba zr\! |tr 'a-zA-Z' 'n-za-mN-ZA-M'
Description: PGP signature