MS02-064 discusses a vulnerability where clicking on start->run can lead to an unsuspecting user running another (malicious) user's trojan. I warned MS of this back in on September 6th 1999 whilst 2k was still in BETA (See the bottom of the following mail) http://security-archive.merton.ox.ac.uk/bugtraq-199909/0145.html I wonder if this is the longest time it has taken for a "fix" to be made public after disclosure? David Litchfield
