lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <8f1f7b60702191811g4b48e1f7qce9e53ed6456b117@mail.gmail.com>
Date: Mon, 19 Feb 2007 21:11:23 -0500
From: "Peter Dawson" <slash.pd@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Microsoft Internet Explorer Local File
	Accesses Vulnerability

just asking... Is this std practice by vendor to state.... ???

"[..] we ask you respect responsible disclosure guidelines and not report
this publicly...."

/pd

On 2/19/07, Michal Zalewski <lcamtuf@...ne.ids.pl> wrote:
>
> On Tue, 20 Feb 2007, Rajesh Sethumadhavan wrote:
>
> > Microsoft Internet Explorer is a default browser bundled with all
> > versions of Microsoft Windows operating system.
>
> Any luck with sending the data back to the attacker? SCRIPT and STYLE ones
> can be used to steal data from very specifically formatted files, but
> that's not a whole lot.
>
> /mz
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ