> It's not something you could directly own the box with, unlike RPC vuln > that Blaster uses; it merely exposes some trivia, thus the "low" rating.
Yeah, but what if that "trivia" is your credit card information or your SSN or some other important piece of data? I personally think this should have a higher rating and IMHO think MS knows it too but is going to downplay it due to it's severity. Anthony _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html