On 10/16/06, Andy Green <andy@xxxxxxxxxxx> wrote:
Lonni J Friedman wrote: > This bug was fixed in NVIDIA's 1.0-9625 driver release (last month): > http://www.nzone.com/object/nzone_downloads_rel70betadriver.html This isn't what the advisory says: Published: Oct 16, 2006 Revision: 1.0 http://www.rapid7.com/advisories/R7-0025.jsp ... KNOWN FIXED: o None ... As of the publication date, the latest NVIDIA binary driver is still vulnerable. Maybe they discount the version you linked to because it calls itself a beta.
I just verified that their exploit works in 1.0-8774 and doesn't work in 1.0-9625. Also, there's a 1.0-9626 driver out which isn't a beta (that was released last week).