RE: [Full-Disclosure] RE: new internet explorer exploit (was new worm)

From: Drew Copley (dcopley_at_eeye.com)
Date: 03/30/04

  • Next message: Exibar: "RE: [inbox] Re: [Full-Disclosure] RE: new internet explorer exploit (was new worm)"
    To: <Valdis.Kletnieks@vt.edu>
    Date: Mon, 29 Mar 2004 17:14:12 -0800
    
    

     

    > -----Original Message-----
    > From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu]
    > Sent: Monday, March 29, 2004 4:53 PM
    > To: Drew Copley
    > Cc: Jelmer; full-disclosure@lists.netsys.com;
    > bugtraq@securityfocus.com
    > Subject: Re: [Full-Disclosure] RE: new internet explorer
    > exploit (was new worm)
    >
    > On Mon, 29 Mar 2004 11:44:12 PST, Drew Copley
    > <dcopley@eeye.com> said:
    >
    > > Yeah. It is a zero day worm, and it is very notable as such.
    > >
    > > I can not recall a previous zero day worm. (AV is not my
    > job, but I do
    > > try and follow zero day.)
    > >
    > > Hence, IE has birthed us the first zero day worm.
    >
    > Has anybody offered the Microsoft dude who denied the
    > existence of 0-days
    > some ketchup for his fried crow? ;)

    I do not recall this quote. Such a quote would be patently untrue even
    from the viewpoint of legitimate researchers that have open bugs with
    them. Such bugs are "zero day", though the vendor may be aware of them.

    Further, of course, it would be impossible to prove that "zero day do
    not exist", though you can prove that "zero day do exist" -- but then,
    they wouldn't truly be "zero day" now, would they?

    The webdav bug of last year was a nice example of zero day in a major
    Microsoft application being used by a malicious attacker. (Against the
    US military, no less. Kudos to the US military admins. )

    Though one should not create a trend from such a small sample... it is
    definitely safe to say that "this is a trend"... considering the obvious
    factors behind it.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Exibar: "RE: [inbox] Re: [Full-Disclosure] RE: new internet explorer exploit (was new worm)"

    Relevant Pages