[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Unspecified EMC Documentum Remote Code Execution Vulnerability

Dear List,

While they were arguing what the meaning of "responsible" is in 
"responsible disclosure", I overheard that a critical pre-
authentication Remote Code Execution vulnerability affecting EMC 
Documentum was silently reported to EMC in 2006. The vulnerability 
was later silently fixed. No credit was given. No credit was taken. 
No Metasploit module was developed.

If you are using Documentum to manage your intellectual properties, 
you know what you should do. Many critical vulnerabilities were 
fixed. Your expensive VM tools don't have any information about 
them. Whenever possible, keep your software up-to-date.

May the force be with you,

Dr. Ch1na