lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed Jan 11 22:30:54 2006 From: ad at heapoverflow.com (ad@...poverflow.com) Subject: Critical excel vulnerability for sale, read inside. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It has not been possible for me to reach an agreement with zdi nor idefense for selling the excel bug because I have publicly warned about a remote command execution in my forum, I have tried to excuse me about my selfstarting mistakes in the rssponsible disclosure nor to explain them then if I find a 2nd excel critical bug , how can I submit it to them since I have publicly warned about an excel flaw ? You should reject actually any excel flaw no ? No that's it , they leave me alone with a critical excel flaw, so I have no other way now to get paid for my research to leave an announce: A critical excel flaw is for sale, if you wish to buy it what do you will have: - -full advisory (explaining how I have found it , how I exploit it) - -full poc building a xls file, once this file opened , excel will arbitrary run regedit.exe, a bindshellcode, or add an admin user. - -you have all rights on it , since Im alone able to exploit it, you will trust me, I never share privately, you will be the only owner of it. if you wish to see what the bug does, I can compute some videos on demand. And of course if you are willing to buy it , do not offer something ridiculous. for any informations , excel_for_sale@...poverflow.com note: I know this look like a joke, but I'm serious , I should be paid for my security research , and I really dont want to help microsoft for free, the auction is up for whitehats and blackhats, thanks to the resposible programs on this. I know I have made a mistake but this was still up to you to stop me. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) iQIVAwUBQ8WG5q+LRXunxpxfAQJj3g//bc7pkBjMyBH8tey3XT6FaCIOI4toxdeZ xeIBVjafFHddvwUIARDEO/FIy3RGNZbfY4O3y+NC+CyhJVc+HcMFplns9AYCutNk P7WcQ+Ax8KJth4Bo2ol2B53gdLZ6rnSWyp8Xua2GWc9Z9d6rbfrQHZaY9s53j8XP ITmo4Yoly1A8NnD3m1ZDRN2TrDsaBZQbd97vfi20oHUH41VAN9b/lU3UI9+QC8oo TZVDVvYi4YTnNEUfWW5CQlJ9+kDxRPfRMhOVMo/oSXgbD/56s5vRHB7eMxakLWBb jwrdTQ/5S7ez20sK3UIZmV3919TPVHQK0NF4OX8ZpLsHPrguDUUZXXePzMcnnibl MHGkBVIegCojHyQth8WiHo0adCAoOcuIdFXmaXXFmg3NSstsv6AFQ64fJO7vOJYs HJ0X5BKHHTPdIElT9Uzbif5UfdARCIOhgcF/e2hXpHX7PJYXahZTUtOYLmfQbIeT QMRJL8wH1lIAhBJiIWo+ZUJ6YgnovS8YBsffYjtRUVe7e0v+oZsuAp6c4A0XWP7O rywj7aXT8xsz5mkHGuN9W9EiKq7XgO0d3EGyp0XZcm03CuAriCwLN/exx1bJkcw/ gCsebwGTSHbyzVDyioqjfdNskQwIakmFZvlPGC3+9Rv1aiYogH8CpBOIJgvBvkCW kmCQMX9ui1Y= =khwl -----END PGP SIGNATURE-----
Powered by blists - more mailing lists