lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <04f901c66b5c$0d8d11b0$0100a8c0@nuclearwinter>
Date: Sun Apr 30 00:07:44 2006
From: fd at g-0.org (GroundZero Security)
Subject: MSIE Nested Object Vulnerability Is Exploitable

Yaaaawwwnnnnnnn..........

> Does Secunia with their pathetic "verification" of advisories have any
> credibility left if you ever had any?

Yes, at least people care about their information, while your Emails are just beeing ignored
for the most time unless someone wants some cheap coffee break entertainment.

> I guess you still haevn't figured out how to exploit MZ's advisory then?

As if you would know anything other than XSS so be silent. You have no idea
of the nature of the vulnerabilities that are beeing discussed. So go back and
research your childish scripting stuff and leave the real bugs to the skilled people. 

> You guys have a lot going for you, and the fact you guys are sponsor
> of a major international mailing list is laughable.

The fact that you still think people take you serious is laughable too.

----- Original Message ----- 
From: "n3td3v" <n3td3v@...il.com>
To: <full-disclosure@...ts.grok.org.uk>
Sent: Sunday, April 30, 2006 12:14 AM
Subject: Re: [Full-disclosure] MSIE Nested Object Vulnerability Is Exploitable


> On 4/28/06, Secunia Research <vuln-remove@...unia.com> wrote:
> > Hello,
> >
> > There has recently been some discussion regarding whether or not the
> > MSIE Nested Object Vulnerability reported by Michal Zalewski is
> > exploitable or not.
> >
> > Link to Michal Zalewski Full-Disclosure Posting:
> > http://lists.grok.org.uk/pipermail/full-disclosure/2006-
> > April/045422.html
> >
> > Because of this, Secunia has received several enquiries and comments
> > about the "Highly critical" rating of this advisory (SA19762) as no
> > proof of exploitation has been publicly disclosed.
> >
> > In response to this, we would like to stress that Secunia has developed
> > a working exploit for this vulnerability. This exploit will not be
> > disclosed publicly, but was sent to Microsoft on Wednesday 2006-04-26.
> > The advisory rating of "Highly critical" and "System access" impact is
> > therefore fully justified.
> >
> > Kind regards,
> >
> > Thomas Kristensen
> > CTO
> >
> > Secunia
> > Hammerensgade 4, 2. floor
> > DK-1267 Copenhagen K
> > Denmark
> >
> > Tlf.: +45 7020 5144
> > Fax:  +45 7020 5145
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> 
> 
> Rofl,
> 
> So basically you're saying:
> 
> Secunia Originally Believed MZ's vulnerability disclosure _was_
> exploitable, but now you're saying, opps! Secunia made a mistake, the
> REAL professionals at Microsoft had to tell us infact,your so called
> exploitable MZ disclosure is now unrelated to MZ's advisory
> disclosure.
> 
> So infact Secunia have just admitted they don't actually have a clue,
> and that your original "MZ's vulnerability is exploitable" is now
> void?
> 
> Does Secunia with their pathetic "verification" of advisories have any
> credibility left if you ever had any?
> 
> I guess you still haevn't figured out how to exploit MZ's advisory then?
> 
> You guys have a lot going for you, and the fact you guys are sponsor
> of a major international mailing list is laughable.
> 
> Regards,
> 
> n3td3v
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ