[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <41991396.9080402@immunitysec.com>
Date: Mon, 15 Nov 2004 15:37:42 -0500
From: Dave Aitel <dave@...unitysec.com>
To: joe <mvp@...ware.net>
Cc: "'Michal Zalewski'" <lcamtuf@...ttot.org>,
"'Berend-Jan Wever'" <skylined@...p.tudelft.nl>,
full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com
Subject: Re: MSIE src&name property disclosure
That's a good question for your Microsoft sales rep. If you want
technical details, Immunity has a working and reliable Wins exploit in
the Vulnerability Sharing Club version of CANVAS. I think there's an
interesting difference between how the Linux community handled the
recent kernel bugs, and how Microsoft and other commercial vendors
handle all bugs.
Dave Aitel
Immunity, Inc.
joe wrote:
>How is it an example?
>
>-----Original Message-----
>From: full-disclosure-admin@...ts.netsys.com
>[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Dave Aitel
>Sent: Monday, November 08, 2004 9:49 AM
>To: Michal Zalewski
>Cc: Berend-Jan Wever; full-disclosure@...ts.netsys.com;
>bugtraq@...urityfocus.com
>Subject: Re: [Full-Disclosure] MSIE src&name property disclosure
>
><SNIP>
>WINS is a classic example.
><SNIP>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists