Dear List, While they were arguing what the meaning of "responsible" is in "responsible disclosure", I overheard that a critical pre- authentication Remote Code Execution vulnerability affecting EMC Documentum was silently reported to EMC in 2006. The vulnerability was later silently fixed. No credit was given. No credit was taken. No Metasploit module was developed. If you are using Documentum to manage your intellectual properties, you know what you should do. Many critical vulnerabilities were silently fixed. Your expensive VM tools don't have any information about them. Whenever possible, keep your software up-to-date. May the force be with you, Dr. Ch1na
