rasmus

Given the way XML is used in xmlrpc and SOAP systems, I don't think I
would classify a security problem in libxml as a local exploit. Much
more so than any other library, libxml2 is going to be reading remote
xml data and acting on the contents so chances are any security problem
in it is going to lead to a remote exploit. For example, a recent one:

http://seclists.org/lists/fulldisclosure/2004/Nov/0084.html

With an exploit here:

http://www.k-otik.com/exploits/20041026.libxml2.c.php

-Rasmus

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php