[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

re: [Full-disclosure] 0-day for sale on ebay

To: full-disclosure@xxxxxxxxxxxxxxxxx, Juha-Matti Laurio <juha-matti.laurio@xxxxxxxx>
Subject: re: [Full-disclosure] 0-day for sale on ebay
From: security curmudgeon <jericho@xxxxxxxxxxxxx>
Date: Fri, 9 Dec 2005 12:36:17 -0500 (EST)


: They have even assigned a CVE entry for this: 
: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-4131
: 
: Some interesting references with a screenshot included too.

Microsoft has verified the bug is legitimate though:

http://www.eweek.com/article2/0,1759,1899697,00.asp?kc=EWRSS03129TX1K0000614

heBay Pulls Bidding for MS Excel Vulnerability
By Ryan Naraine
December 9, 2005

Whats the retail value of a security vulnerability in Microsoft Corp.s 
Excel spreadsheet program? At last check: $53 and counting.

An unknown security researcher chose a novel way to issue a warning for a 
code execution flaw in Excelposting it for sale on eBay. But the auction 
was pulled late Thursday after discussions between Microsoft and eBay 
Inc.

When the auction was squashed, the bidding had reached $53 and had 
attracted 19 offers.

A spokeswoman for Microsoft confirmed that the eBay listing was indeed a 
legitimate security flaw in Excel.

[..] 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] 0-day for sale on ebay
  - From: Georgi Guninski

References:
- re: [Full-disclosure] 0-day for sale on ebay
  - From: Juha-Matti Laurio

Prev by Date: Re: [Full-disclosure] Re: Google is vulnerable from XSS attack
Next by Date: Re: [Full-disclosure] Snort as IDS/IPS in mission-critical enterprisenetwork
Previous by thread: re: [Full-disclosure] 0-day for sale on ebay
Next by thread: Re: [Full-disclosure] 0-day for sale on ebay
Index(es):
- Date
- Thread