This vuln was discovered before. A French security bulletin mentioned it one month ago. http://www.local.certa.ssi.gouv.fr/site/CERTA-2008-ALE-002/index.html Regards MB