I don't know what you people are arguing about. The bugs are valid, and they're remote, and that's the end of the story. Haven't any of you ever done a tutorial online to learn some new techniques? Didn't you perhaps download a C file, or assembly file, and build it on your system? When you downloaded and built that code, you assumed the only actions that would occur are the actual assembly instructions you are reading. Now I haven't looked at the nasm bugs yet, so I don't know if you are able to spot an evil asm file with a quick look (though you probably are). Yes I'm pretty sure that most of would realize something is wrong, but still, crap, look at all the idiots that get infected by BRITNAYSPARESPRONG.JPG files every day. Yes there may be some mitigating factors that make it difficult to exploit, but that does not invalidate the vulnerability. -- [ sean ]
