[Full-Disclosure] Microsoft Internet Explorer 6 SP2 Vulnerabilities / FD vs. Security by Obscurity

• Previous message: Andrew Farmer: "Re: [Full-Disclosure] Time Expiry Alogorithm??"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: full-disclosure@lists.netsys.com
Date: 19 Nov 2004 20:16:21 -0000

Let s play, on Wednesday 17, Nov - Secunia released the advisory Microsoft Internet Explorer Two Vulnerabilities, related to a vulnerability discovered by cyber flash. This file download security warning bypass (unpatched) flaw could be exploited to download a malicious executable file masqueraded as a HTML document.

Microsoft said : Secunia you're bad, this vulnerability was not disclosed responsibly
Secunia said NO ! No ! We did not release the technical details of this flaw and our policy is to not reveal vulnerability details until a fix had been provided, unless they were already in the wild. We did not discover this vulnerability, so we can not censure it
Some people said Who is cyberflash ? perhaps Secunia discovered this flaw, but masked it behind a third party researcher
K-OTik Says to Some people : cyber flash is not a fictitious security researcher
K-OTik Says to MS & Secunia : There is no security through obscurity...and full disclosure is our policy

----------------------------------------------------------------
Internet Explorer 6.0 SP2 File Download Security Warning Bypass
----------------------------------------------------------------

Exploit -> http://www.k-otik.com/exploits/20041119.IESP2Unpatched.php
Technical Details - > http://www.k-otik.com/exploits/20041119.IESP2disclosure.php

all credits go to Cyber flash A.K.A Vengy

Regards
K-OTik Security Research & Survey Team 24/7
kttp://www.k-otik.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Previous message: Andrew Farmer: "Re: [Full-Disclosure] Time Expiry Alogorithm??"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Microsoft Internet Explorer 6 SP2 Vulnerabilities / FD vs. Security by Obscurity ... Secunia you're bad, this vulnerability was not disclosed responsibly ... cyber flash is not a fictitious security researcher ... K-OTik Says to MS & Secunia: There is no security through obscurity...and full disclosure is our policy ... $221.25 US Dollars for domestic exam delivery and $296.25 US Dollars ... (NT-Bugtraq) Re: [Full-disclosure] VulnSale: IE 6.0.2900.2180.yeahlatestversion ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ... tel;work:Independent Security Researcher ... (Full-Disclosure) Re: [Full-disclosure] Internet Explorer Ver 6.0.2800.1106 vulnerability ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ... tel;work:Independent Security Researcher ... (Full-Disclosure) Re: [Full-disclosure] XSS at msn.com =?KOI8-R?Q?=C9_cisco=2Eco?= =?KOI8-R?Q?m?= ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ... tel;work:Independent Security Researcher ... (Full-Disclosure)