Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability
- To: "Michal Zalewski" <lcamtuf@xxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability
- From: "Brian Eaton" <eaton.lists@xxxxxxxxx>
- Date: Thu, 27 Apr 2006 19:19:14 -0400
On 4/27/06, Michal Zalewski <lcamtuf@xxxxxxxxxxxx> wrote:
> Why didn't I even try, you say? Past experiences of numerous researchers
> aside, consider this: Microsoft takes 3-6 months to fix critical but
> non-public vulnerabilities in their flagship software (some of these flaws
> must've been independently discovered by the rogues, hence putting
> customers at great risk, or at best taking chances). This is not a
> reasonable timeframe, compared to industry averages. Yet, they only take
> 2-4 weeks to fix publicly disclosed bugs - thus making software safer,
> sooner.
Please note that I ask this out of curiosity, and not in an attempt
to be critical.
Why not give MSRC a head start of one week?
Regards,
Brian
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/