Re: [Full-disclosure] FrSIRT False Alarm

ad_at_class101.org
Date: 08/20/05

    To: <full-disclosure@lists.grok.org.uk>
    Date: Sat, 20 Aug 2005 12:13:16 +0200
    
    

    MS said:

    "Microsoft is concerned that this new report of a vulnerability in Internet
    Explorer was not disclosed responsibly, potentially putting computer users
    at risk. We continue to encourage responsible disclosure of vulnerabilities.
    We believe the commonly accepted practice of reporting vulnerabilities
    directly to a vendor serves everyone's best interests. This practice helps
    to ensure that customers receive comprehensive, high-quality updates for
    security vulnerabilities without exposure to malicious attackers while the
    update is being developed."

    http://www.microsoft.com/technet/security/advisory/906267.mspx

    chaotic :>

    >>do you have a test page?
    >No. We used the public exploit to generate a specially crafted page.
    >
    >
    >Best regards,
    >FrSIRT / French Security Incident Response Team 24/7
    >http://www.frsirt.com

    ****************************************************************
    KEY: 0xA7C69C5F
    PRINT: 694C 3495 BCC4 2F8B D794 6BD4 AF8B 457B A7C6 9C5F
    ****************************************************************

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

