I don't see this as being a true security risk. As you mention in
your advisory, this only occurs if the installer has notification set for
event logs and event logs are left to the default write method.
I honestly think that the only people at risk here are incompitent
administrators who do not porperly configure their network. That being the
case,
this puts the risk into the ID10T catagory. I put this on the par with
administrators who allow their smtp servers to relay for anyone and who set
their firewalls to allow netbios traffic through.
Just my 2 cents...
Brian P. McClory MCT, CCI, MCSE, MCP+I, CCA, ETC...
"I'm not an actor, I just play one on TV."
