On 3/7/2010 2:12 PM, [email protected] wrote: > Author: mjc > Date: Sun Mar 7 20:12:21 2010 > New Revision: 920084 > > URL: http://svn.apache.org/viewvc?rev=920084&view=rev > Log: > Just make it clear this is a flaw only affecting Windows > installations that use mod_isapi. These entries need a bit > more cleanup, but another day
/ditto > +undefined state and result in a segfault. On Windows platforms using > mod_isapi, a > +remote attacker could send a malicious request to trigger this issue, and as > win32 MPM runs only one not only using mod_isapi, but further configured to load a dll subject to exploitation. Long explanation, so I was specific to use the phrase 'potentially allow arbitrary code execution'. Thanks for the edits!
