lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <8B32EDC90D8F4E4AB40918883281874D0BAF6D@pivxwin2k1.secnet.pivx.com> Date: Wed, 5 Nov 2003 14:50:52 -0800 From: "Thor Larholm" <thor@...x.com> To: "white colin john" <cjwhite1@...nx13.ews.uiuc.edu> Cc: "Liu Die Yu" <liudieyuinchina@...oo.com.cn>, <bugtraq@...urityfocus.com> Subject: RE: Six Step IE Remote Compromise Cache Attack > From: white colin john [mailto:cjwhite1@...nx13.ews.uiuc.edu] > If there's no proof-of-concept that shows current > bugs can be combined into an exploit, is there > any pressure on microsoft to patch the bugs? There has already been several proof-of-concepts for each and every vulnerability that was used to produce this exploit, and Microsoft are patching those vulnerabilities. We already know and have demonstrated that they can be abused, this exploit is just a refinement of those POC's to ease exploitation - hence my concern. Regards Thor Larholm Senior Security Researcher PivX Solutions, LLC Get our research, join our mailinglist - http://pivx.com/larholm/
Powered by blists - more mailing lists