Message-ID: <1906611.tfDQ731zyj@chaos>
Date: Tue, 13 Aug 2013 02:10:32 -0500
From: xnite@...te.org
To: full-disclosure@...ts.grok.org.uk
Subject: Re: 0day IE9/10 information disclosure
	vulnerability

The POC you mentioned here appears to:
a. be in a foreign language.
b. requires a login

On Monday 12 August 2013 13:31:50 yuange wrote:


somebody's poc 

http://weibo.com/p/1005051838905715/weibo?from=page_100505_home&wvr=5.1&mod=we
ibomore#3610572387549394[1]   微软呀，要怎么说你们呢。3个月的沟通不承认，一
定要POC才承认，这么简单的代码看不懂吗？说得那么明白写POC真的有那么难
吗？实在太磨叽了。 这个漏洞你们还感谢360吗？不是我不配合，3个月的沟通，不
给POC就关闭这个漏洞的修补。顺便问一声，那几个漏洞修补还要花几个月呀？  


--------------------
From: yuange1975@...mail.comTo: full-disclosure@...ts.grok.org.ukSubject: 0day IE9/10 
information disclosure vulnerabilityDate: Mon, 29 Jul 2013 07:22:18 +0000





#0day[2] IE9/10 information disclosure vulnerability http://t.cn/zQJYHgA [3] .Technical 
challenge how to write exploit code?


漏洞报告已经说得很明白，指出问题代码，怎么定位代码。鉴于微软一次次的纠缠
于需要提供POC，那就让大家来写POC吧，写好记得发一份给微软。 ：）


https://twitter.com/yuange75[4]  我的观点：


#antiNSA[5] 现在APT的大环境下，POC代码、EXP利用技术都是宝贵资源，不想因
为中间环节被控制或者SNIFFER而丢失这些宝贵资源，现在坚定报告漏洞不提供
POC和EXP，除非有偿的漏洞报告。反汇编指出问题代码点，对于漏洞修补已经提
供了足够的重要信息了，要想POC自己分析。







--------
[1] 
http://weibo.com/p/1005051838905715/weibo?from=page_100505_home&wvr=5.1&mod=we
ibomore#3610572387549394
[2] https://twitter.com/search?q=%230day&src=hash
[3] http://t.co/17Ac3VkE9C
[4] https://twitter.com/yuange75
[5] https://twitter.com/search?q=%23antiNSA&src=hash

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists