RE: [Full-Disclosure] RE: new internet explorer exploit (was new worm)
From: Drew Copley (dcopley_at_eeye.com)
To: <Valdis.Kletnieks@vt.edu> Date: Mon, 29 Mar 2004 17:14:12 -0800
> -----Original Message-----
> From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu]
> Sent: Monday, March 29, 2004 4:53 PM
> To: Drew Copley
> Cc: Jelmer; firstname.lastname@example.org;
> Subject: Re: [Full-Disclosure] RE: new internet explorer
> exploit (was new worm)
> On Mon, 29 Mar 2004 11:44:12 PST, Drew Copley
> <email@example.com> said:
> > Yeah. It is a zero day worm, and it is very notable as such.
> > I can not recall a previous zero day worm. (AV is not my
> job, but I do
> > try and follow zero day.)
> > Hence, IE has birthed us the first zero day worm.
> Has anybody offered the Microsoft dude who denied the
> existence of 0-days
> some ketchup for his fried crow? ;)
I do not recall this quote. Such a quote would be patently untrue even
from the viewpoint of legitimate researchers that have open bugs with
them. Such bugs are "zero day", though the vendor may be aware of them.
Further, of course, it would be impossible to prove that "zero day do
not exist", though you can prove that "zero day do exist" -- but then,
they wouldn't truly be "zero day" now, would they?
The webdav bug of last year was a nice example of zero day in a major
Microsoft application being used by a malicious attacker. (Against the
US military, no less. Kudos to the US military admins. )
Though one should not create a trend from such a small sample... it is
definitely safe to say that "this is a trend"... considering the obvious
factors behind it.
Full-Disclosure - We believe in it.