[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] MSIE src&name property disclosure

To: joe <mvp@xxxxxxxxxxx>
Subject: Re: [Full-Disclosure] MSIE src&name property disclosure
From: Dave Aitel <dave@xxxxxxxxxxxxxxx>
Date: Mon, 15 Nov 2004 16:10:51 -0500

Joe,

http://www.immunitysec.com/services-sharing.shtml has the answers to your questions about the Immunity VSC, but my point was specifically about bugs that Microsoft knew about, but didn't think the public did. In Linux's case, said bugs would have a detailed advisory. In Microsoft's case, such bugs are wrapped into the next service pack silently.

Private firms such as Immunity and several others in the market often close the gaps, but it's likely that hackers have had such bugs for long periods of time.

Dave Aitel
Immunity, Inc.

joe wrote:

I don't know how your club works.
Do you report to MS as well or just within your club that you charge people
to be part of? Has MS responded to you if you did report it? What was their
response that makes WINS a classic example?
joe

-----Original Message----- From: Dave Aitel [mailto:dave@xxxxxxxxxxxxxxx] Sent: Monday, November 15, 2004 3:38 PM To: joe Cc: 'Michal Zalewski'; 'Berend-Jan Wever'; full-disclosure@xxxxxxxxxxxxxxxx; bugtraq@xxxxxxxxxxxxxxxxx Subject: Re: [Full-Disclosure] MSIE src&name property disclosure
That's a good question for your Microsoft sales rep. If you want technical
details, Immunity has a working and reliable Wins exploit in the
Vulnerability Sharing Club version of CANVAS. I think there's an interesting
difference between how the Linux community handled the recent kernel bugs,
and how Microsoft and other commercial vendors handle all bugs.
Dave Aitel
Immunity, Inc.
joe wrote:
How is it an example?

-----Original Message----- From: full-disclosure-admin@xxxxxxxxxxxxxxxx [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Dave Aitel Sent: Monday, November 08, 2004 9:49 AM To: Michal Zalewski Cc: Berend-Jan Wever; full-disclosure@xxxxxxxxxxxxxxxx; bugtraq@xxxxxxxxxxxxxxxxx Subject: Re: [Full-Disclosure] MSIE src&name property disclosure
<SNIP>
WINS is a classic example.
<SNIP>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- RE: [Full-Disclosure] MSIE src&name property disclosure
  - From: joe

Prev by Date: Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox
Next by Date: RE: [Full-Disclosure] MSIE src&name property disclosure
Previous by thread: RE: [Full-Disclosure] MSIE src&name property disclosure
Next by thread: Re: [Full-Disclosure] MSIE src&name property disclosure
Index(es):
- Date
- Thread