Re: [FDSA] Notepad Highly CriticalCross-SiteScripting (XSS) Vulnerability

["Randal T. Rioux" <randy () procyonlabs com>]

>                             Fredrick Diggle Security Advisory
>
> Application: Notepad
> Versions: 5.1.2600.2180 verified to be vulnerable
> Platforms: Microsoft Windows (All Versions)
> Bugs: Cross Site Scripting (XSS)
> Severity: Critically High
> Date: 17 Jan 2008
> Credit: Estr Hinan
>
> #######################################################################

> That’s a really funny “security risk”. I don’t agree with you, because
> otherwise every editor, which is able to save HTML Files, is a security
> problem. So vi, Dreamweaver, emacs… are all unsecure? It is your decision,
> to open a HTML file or not. And (if here are some MS guys) please don’t fix
> this “issue”, because sometimes, if you haven’t a professional tool at the
> moment, the Windows editor can be useful, too.  Also, if you need to edit
> some small Scripts.
>
> Yours, 
> SR

Speaking of professional tools...

Let's hope this was just a language translation error and not a fully understood response.

Lighten up, folks.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/