lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <43C586E7.1080202@heapoverflow.com>
Date: Wed Jan 11 22:30:54 2006
From: ad at heapoverflow.com (ad@...poverflow.com)
Subject: Critical excel vulnerability for sale,
	read inside.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
It has not been possible for me to reach an agreement with zdi nor
idefense for selling the excel bug because I have publicly warned
about a remote command execution in my forum, I have tried to excuse
me about my selfstarting mistakes in the rssponsible disclosure nor to
explain them then if I find a 2nd excel critical bug , how can I
submit it to them since I have publicly warned about an excel flaw ?
You should reject actually any excel flaw no ?
No that's it , they leave me alone with a critical excel flaw, so I
have no other way now to get paid for my research to leave an announce:

A critical excel flaw is for sale, if you wish to buy it what do you
will have:


- -full advisory (explaining how I have found it , how I exploit it)
- -full poc building a xls file, once this file opened , excel will
arbitrary run regedit.exe, a bindshellcode, or add an admin user.
- -you have all rights on it , since Im alone able to exploit it, you
will trust me, I never share privately, you will be the only owner of it.

if you wish to see what the bug does, I can compute some videos on
demand. And of course if you are willing to buy it , do not offer
something ridiculous.


for any informations , excel_for_sale@...poverflow.com


note: I know this look like a joke, but I'm serious , I should be paid
for my security research , and I really dont want to help microsoft
for free, the auction is up for whitehats and blackhats, thanks to the
resposible programs on this.
I know I have made a mistake but this was still up to you to stop me.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
 
iQIVAwUBQ8WG5q+LRXunxpxfAQJj3g//bc7pkBjMyBH8tey3XT6FaCIOI4toxdeZ
xeIBVjafFHddvwUIARDEO/FIy3RGNZbfY4O3y+NC+CyhJVc+HcMFplns9AYCutNk
P7WcQ+Ax8KJth4Bo2ol2B53gdLZ6rnSWyp8Xua2GWc9Z9d6rbfrQHZaY9s53j8XP
ITmo4Yoly1A8NnD3m1ZDRN2TrDsaBZQbd97vfi20oHUH41VAN9b/lU3UI9+QC8oo
TZVDVvYi4YTnNEUfWW5CQlJ9+kDxRPfRMhOVMo/oSXgbD/56s5vRHB7eMxakLWBb
jwrdTQ/5S7ez20sK3UIZmV3919TPVHQK0NF4OX8ZpLsHPrguDUUZXXePzMcnnibl
MHGkBVIegCojHyQth8WiHo0adCAoOcuIdFXmaXXFmg3NSstsv6AFQ64fJO7vOJYs
HJ0X5BKHHTPdIElT9Uzbif5UfdARCIOhgcF/e2hXpHX7PJYXahZTUtOYLmfQbIeT
QMRJL8wH1lIAhBJiIWo+ZUJ6YgnovS8YBsffYjtRUVe7e0v+oZsuAp6c4A0XWP7O
rywj7aXT8xsz5mkHGuN9W9EiKq7XgO0d3EGyp0XZcm03CuAriCwLN/exx1bJkcw/
gCsebwGTSHbyzVDyioqjfdNskQwIakmFZvlPGC3+9Rv1aiYogH8CpBOIJgvBvkCW
kmCQMX9ui1Y=
=khwl
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ