Dave (or anyone else with information),
I know the vulnerability was in older versions of FCKEditor...if one were to
install and use the current version, does it still have the vulnerability or
has that been fixed? I just got an emergency gig to fix a site that was
hacked because of this and we need to know if it is safe to do this or just
keep FCKEditor disabled in the meantime.
Eric
On Thu, Jul 2, 2009 at 6:17 PM, Dave Watts <dwatts@figleaf.com> wrote:
>
> You may want to check for this on any clients/projects you've worked with:
> http://isc.sans.org/diary.html?storyid=6715
>
> Remediation steps available here:
> http://www.codfusion.com/blog/post.cfm/cf8-and-fckeditor-security-threat
>
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/