lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060510000104.1FE2233C23@mailserver5.hushmail.com>
Date: Wed May 10 01:01:13 2006
From: 0x80 at hush.ai (0x80@...h.ai)
Subject: IE7 Zero Day

But not a big enough threat to outbid the highest bidder who 
incidentally will be recieing full PoC by morning.



On Mon, 08 May 2006 18:04:02 -0700 n3td3v <n3td3v@...il.com> wrote:
>On 5/8/06, 0x80@...h.ai <0x80@...h.ai> wrote:
>> There is no skin to save.  No law is being broken and I am not
>> holding anyone ransom.
>>
>> Microsoft is not the only vendor that can fix this bug either, 
>it
>> would be easy to patch the DLLs involved.
>>
>> No one is monitoring anything because I have not broken any laws 

>in
>> any country.  You reply simply dances around the issue because 
>as
>> usual, you have zero idea what you are talking about.
>
>Symantec see you as threat:
>
>"
>
>ThreatCon Level is 1
>
>A researcher has made a post to the Full-Disclosure mailing list
>claiming that he has discovered two unknown and unpatched
>vulnerabilities in Microsoft Internet Explorer 7, which is 
>currently
>in beta. He also states that at least one of the issues is present 

>in
>Microsoft Internet Explorer version 6.x, but circumstances unknown 

>to
>the researcher prevent him from being able to successfully exploit 

>it.
>The discoverer of these issues has stated that they will be 
>privately
>sold to the highest bidder. Internet Explorer 7 is beta software, 
>and
>as such, should not be used on sensitive systems. Though the
>possibility of exploitation against version 6.x may exist, it 
>should
>always be assumed that there may be latent vulnerabilities in 
>client
>software. Users are advised to employ best practices such as 
>avoiding
>untrusted websites, links from untrusted sources, and running such
>software with the least possible privileges.
>
>
>"
>http://www.symantec.com/avcenter/threatcon/learnabout.html
>
>Regards,
>
>n3td3v
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/



Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ