RE: [Full-Disclosure] RE: Re: YES IT IS , is predicatable file location a vuln? (was RE: Aol Instant Messenger/Microsoft Internet Explorer remote code execution)

[Michael Evanchik <mike@alanpickel.com>]

From:eval@hushmail.com
Sent:Fri 2/20/2004 9:39 PM
To:bugtraq@securityfocus.com
Cc:full-disclosure@lists.netsys.com
Subject:[Full-Disclosure] RE:  Re: is predicatable file location a vuln? (was 
RE: Aol Instant Messenger/Microsoft Internet Explorer remote code execution)
 

Why don't you release your exploits on packetstormsecurity or 
astalavistainstead of Bugtraq? You obviously have no interest in trying to 
secureanyone, instead you are deliberately hurting the security of us all. >I 
totally disagree.  Did you know microsoft sometimes refuses to accept 
vulnerabilities and dismiss them as "not a vulnerability itself" but in 
actualityonly need to be combined with other "not a vulnerability itself" 
exploits and donot understand this.  I would actually THANK bugtraq and Full 
Disclosure that posts from Http equiv and others actually seem to get a quick 
patch rate now by Microsoft then in the  past.  Experts seem to be always 
repeating them selves how this is "a year old vulnerability" and no response 
fromMicrosoft.  It seems not unless they are SHOWN in proof on concepts 
arefixes put in the works.How are you any different than a virus writer? They 
are creating malwareand releasing it on their sites, then they claim innocence 
because theydidn't click the "Send" button. Both of you are intentionally 
tryingto help blackhats, script kiddies and criminals. >Did you ever think the 
wrong someone will think of these things sooner or later?  Researches, if you 
notice, get anti virus people on top of their game for free.  They already have 
definitions for this example and others thanks fully to the "security 
researcher" Mike P.S.   AIM or Buddy Icons no longer required.  IE is just a 
big hole.