| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.OSX.2.00.1006081744330.3591@orange.madboa.com> Date: Tue, 8 Jun 2010 17:49:40 -0700 (PDT) From: Paul Heinlein <heinlein@...boa.com> To: Secunia Research <remove-vuln@...unia.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Secunia Research: Microsoft Excel Record Parsing Input Validation Vulnerability On Tue, 8 Jun 2010, Secunia Research wrote: > ====================================================================== > > Secunia Research 08/06/2010 > > - Microsoft Excel Record Parsing Input Validation Vulnerability - > > ====================================================================== > > ====================================================================== > 2) Severity > > Rating: Highly critical > Impact: System compromise > Where: Remote > > ====================================================================== > 6) Time Table > > 04/12/2009 - Vendor notified. > 04/12/2009 - Vendor response. > 11/01/2010 - Status update requested. > 12/01/2010 - Vendor provides status update. > 30/03/2010 - Vendor provides status update. > 27/04/2010 - Vendor provides status update. > 26/05/2010 - Vendor provides status update. > 08/06/2010 - Public disclosure. 15.75 months to respond to a critical vulnerability in one of the most widely used business applications the world has seen? w00t. -- Paul Heinlein <> heinlein@...boa.com <> www.madboa.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists