| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <BAY17-F16uCddQiqWcB0001d6bb@hotmail.com> Date: Tue, 30 Mar 2004 16:27:17 +0200 From: "Lise Moorveld" <lise_moorveld@...mail.com> To: bugtraq@...urityfocus.com Cc: roozbeh_afrasiabi@...oo.com Subject: Re: IE ms-its: and mk:@MSITStore: vulnerability Hi, Cool advisory about ms-its(its) and mk:@MSITStore:protocol handlers. I like the amount of detail supplied. Though due to the detail, it is kinda hard to get the essence of the advisory. What, exactly, is new about this? The PoC mentioned in section a) looks very similar to something Jelmer posted a while back [1] and the second bit like something Arman Nayyeri posted [2] The PoCs in section b) through g) appear to be implementations of the above (?) but I could be wrong. And the PoC in section h) seems related to Cert Advisory VU#489721 [3] Oh, and does anybody know whether this [4] "new IE worm" has anything to do with anything? With all the recycling of PoC code and releases of different variations of exploits it's kinda hard to understand which vulnerabilities lie at the basis of it all :-/ I vote for more cross-referencing! =)... BID's, CVE-id's and Cert-ID's are usefull =) bye, Lise [1] http://marc.theaimsgroup.com/?l=full-disclosure&m=106332317811095&w=2 [2] http://archives.neohapsis.com/archives/bugtraq/2003-12/0337.html [3] http://www.kb.cert.org/vuls/id/489721 [4] http://archives.neohapsis.com/archives/bugtraq/2004-03/0299.html _________________________________________________________________ MSN Search, for accurate results! http://search.msn.nl
Powered by blists - more mailing lists