[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3a166c090604291514u17d3c4a5pa904334743beb40f@mail.gmail.com>
Date: Sat Apr 29 23:14:24 2006
From: n3td3v at gmail.com (n3td3v)
Subject: MSIE Nested Object Vulnerability Is Exploitable
On 4/28/06, Secunia Research <vuln-remove@...unia.com> wrote:
> Hello,
>
> There has recently been some discussion regarding whether or not the
> MSIE Nested Object Vulnerability reported by Michal Zalewski is
> exploitable or not.
>
> Link to Michal Zalewski Full-Disclosure Posting:
> http://lists.grok.org.uk/pipermail/full-disclosure/2006-
> April/045422.html
>
> Because of this, Secunia has received several enquiries and comments
> about the "Highly critical" rating of this advisory (SA19762) as no
> proof of exploitation has been publicly disclosed.
>
> In response to this, we would like to stress that Secunia has developed
> a working exploit for this vulnerability. This exploit will not be
> disclosed publicly, but was sent to Microsoft on Wednesday 2006-04-26.
> The advisory rating of "Highly critical" and "System access" impact is
> therefore fully justified.
>
> Kind regards,
>
> Thomas Kristensen
> CTO
>
> Secunia
> Hammerensgade 4, 2. floor
> DK-1267 Copenhagen K
> Denmark
>
> Tlf.: +45 7020 5144
> Fax: +45 7020 5145
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Rofl,
So basically you're saying:
Secunia Originally Believed MZ's vulnerability disclosure _was_
exploitable, but now you're saying, opps! Secunia made a mistake, the
REAL professionals at Microsoft had to tell us infact,your so called
exploitable MZ disclosure is now unrelated to MZ's advisory
disclosure.
So infact Secunia have just admitted they don't actually have a clue,
and that your original "MZ's vulnerability is exploitable" is now
void?
Does Secunia with their pathetic "verification" of advisories have any
credibility left if you ever had any?
I guess you still haevn't figured out how to exploit MZ's advisory then?
You guys have a lot going for you, and the fact you guys are sponsor
of a major international mailing list is laughable.
Regards,
n3td3v
Powered by blists - more mailing lists