Re: [Full-disclosure] ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability
- From: "Jason Areff" <hailtheczar@xxxxxxxxx>
- Date: Wed, 24 Jan 2007 17:35:54 -0600
On 1/24/07, Christian Kujau <lists@xxxxxxxxxxxxxxx> wrote:
Where do you see 1+ year? *Pre-existing* means there already existed a
On Wed, 24 Jan 2007, zdi-disclosures@xxxxxxxx wrote:
> -- Disclosure Timeline:
> 2005.07.07 - Pre-exiting Digital Vaccine released to TippingPoint
> customers
> 2006.10.02 - Vulnerability reported to vendor
> 2007.01.24 - Coordinated public release of advisory
out of curiosity: why took it 1+ year to report this vulneralbility to
the vendor?
"vaccine" that blocked vulnerabilities of this type released in '05. This
does not necessarily mean that was when ZDI received the bug submission. So
it was reported to the vendor in October and released to the public in
January... 4 months is not an outstanding patch time.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Follow-Ups:
- References:
- Prev by Date: [Full-disclosure] [CAID 34818]: CA Personal Firewall Multiple Privilege Escalation Vulnerabilities
- Next by Date: Re: [Full-disclosure] Secunia Research: NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow
- Previous by thread: Re: [Full-disclosure] ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability
- Next by thread: Re: [Full-disclosure] ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability
- Index(es):
Relevant Pages
|
|
