[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011
- From: Dave Aitel <dave@xxxxxxxxxxxxxxx>
- Date: Wed, 14 Apr 2004 20:46:44 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Geoincidents wrote:
|> Exactly the point of full disclosure. If someone with a serious
|> axe to
|
| grind would have stumbled onto the ASN.1 flaw before the Eeye
| notice, it could have been an ELE* for MS and some major
| corporations.
|
|> Let's see, unpatched ASN.1 + Flash Worm = ?
|
|
| I think you seriously underestimate the hacking skills of eeye,
| there are very few who could turn the bugs they find into full blow
| root level exploits.
|
| Geo.
That's retarded. Immunity is releasing a universal, repeatable, lsass
exploit in about 5 minutes to our CANVAS customers, for example, and
we're sure everyone else is done as well. For bonus credit we're
including a working ASN.1 exploit that owns IIS, Exchange, and
everything else...
Dave Aitel
Immunity, Inc.
http://www.immunitysec.com/CANVAS/ "Have your hacking skills
underestimated by random people on FD"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAfdtzzOrqAtg8JS8RAsXlAKCdC74SQ15A7/enDE5WUuJU8kmzWACglUGR
LQ/bCax5wYlJEIw+3Oew370=
=HS6z
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html