lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat Apr 29 22:57:25 2006 From: n3td3v at gmail.com (n3td3v) Subject: MSIE Nested Object Vulnerability Is Exploitable On 4/29/06, Secunia Research <vuln-remove@...unia.com> wrote: > Microsoft therefore treats this as a privately disclosed vulnerability, > thus Secunia will not be releasing any further details before Microsoft releases a patch for this vulnerability. > > Kind regards, > > Thomas Kristensen > CTO > > Secunia > Hammerensgade 4, 2. floor > DK-1267 Copenhagen K > Denmark > > Tlf.: +45 7020 5144 > Fax: +45 7020 5145 > > On Fri, 2006-04-28 at 09:33 +0200, Secunia Research wrote: > > Hello, > > > > There has recently been some discussion regarding whether or not the > > MSIE Nested Object Vulnerability reported by Michal Zalewski is > > exploitable or not. Yes, some amougst the script kid population of the list weren't sure if it was exploitable, everyone else with a clue knew it was exploitable, hence the reason MZ disclosed the advisory in the first place. The list doesn't need Secunia verfication of advisories. Infact no one needs your entire Secunia website. I can't wait for John Cartwright to drop you guys as a sponsor. (The biggest mistake he ever made) If the vulnerability is privately disclosed and _isn't_ the same as MZ's then why talk about it in public? Sending an e-mail to MZ and telling him his advisory had uncovered a nest of ants, attached to his original tip off would have be more than adequate. Btw, when are you guys growing your -scene whore- empire? Perhaps Zone-h.org will be your next purchase. All the best, n3td3v
Powered by blists - more mailing lists