ISS X-Force discovered this vulnerability and our advisory will be
released shortly. We were working to determine the full scope of the
vulnerability before we notified the vendor. Unfortunately, someone
else found the flaw and began to cause discuss it using specifics. That
caused us to push forward our disclosure. Typically, when we do X-Force
Advisories, we have developed an in-house, functional exploit (not proof
of concept) in order to verify the exact nature and scope of the issue.
We have not done so in this case. Right now it is undetermined if the
issue is exploitable on *any* platform. It may turn out that it may be
exploitable on every platform.
This issue is serious enough that it should be addressed on all
platforms as quickly as possible. I'll forward our Advisory to the list
when it is public.
Regards,