[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Microsoft MSDTC NdrAllocate Validation Vulnerability

To: <ad@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Microsoft MSDTC NdrAllocate Validation Vulnerability
From: <0x80@xxxxxxx>
Date: Sat, 20 May 2006 19:49:49 -0700

Damn hushmail.

$18,500.00 US was the final selling price.  They offered a bit more 
for exlusivity for any future bugs but I turned them down.  The 
buyer wishes to remain anonymous.

All funds have been recieved in my account.  More bugs are coming 
soon.

On Sat, 20 May 2006 19:26:04 -0700 "ad@xxxxxxxxxxxxxxxx" 
<ad@xxxxxxxxxxxxxxxx> wrote:
>try to check the list archive which got it correctly
>
>http://lists.grok.org.uk/pipermail/full-disclosure/2006-
>May/046196.html
>
>
>huhu
>
>
>0x80@xxxxxxx wrote:
>> What is with the constant blank replies from this guy?  Is he a 
>> chink who doesn't know how to use email?
>>
>> On Sat, 20 May 2006 16:47:10 -0700 "ad@xxxxxxxxxxxxxxxx" 
>> <ad@xxxxxxxxxxxxxxxx> wrote:
>>   
>>> 0x80@xxxxxxx wrote:
>>>     
>>>> I sold both of them to the same buyer and we figured out why I
>>>> wasn't able to exploit it on IE 6.0.
>>>>
>>>> On Wed, 17 May 2006 01:48:38 -0700 Rajesh V 
><rvarada@xxxxxxxxx>
>>>> wrote:
>>>>       
>>>>> Since this has turned into a spam thread anyway, does anyone 
>>>>>         
>>> know
>>>     
>>>>> whatever happend to that IE7 exploit this guy was trying to 
>>>>>         
>> sell
>>   
>>>>> here?
>>>>>
>>>>>
>>>>>
>>>>> On 5/17/06, 0x80@xxxxxxx <0x80@xxxxxxx> wrote:
>>>>>         
>>>>>> AM I BUGGING YOU?  AM I BUGGING YOU?  AM I BUGGING YOU?  AM 
>I
>>>>>> BUGGING YOU?  AM I BUGGING YOU?  AM I BUGGING YOU?  AM I 
>>>>>>           
>>> BUGGING
>>>     
>>>>>> YOU?  AM I BUGGING YOU?  AM I BUGGING YOU?  AM I BUGGING 
>YOU? 
>>>>>>           
>>>>> AM I
>>>>>         
>>>>>> BUGGING YOU?  AM I BUGGING YOU?  AM I BUGGING YOU?  AM I 
>>>>>>           
>>> BUGGING
>>>     
>>>>>> YOU?  AM I BUGGING YOU?  AM I BUGGING YOU?  AM I BUGGING 
>YOU? 
>>>>>>           
>>>>> AM I
>>>>>         
>>>>>> BUGGING YOU?  AM I BUGGING YOU?  AM I BUGGING YOU?  AM I 
>>>>>>           
>>> BUGGING
>>>     
>>>>>> YOU?  AM I BUGGING YOU?  AM I BUGGING YOU?  AM I BUGGING 
>YOU? 
>>>>>>           
>>>>> AM I
>>>>>         
>>>>>> BUGGING YOU?
>>>>>>
>>>>>> On Tue, 16 May 2006 00:57:27 -0700 ". Solo" 
>>>>>>           
>>> <soloaway@xxxxxxxxx>
>>>     
>>>>>> wrote:
>>>>>>           
>>>>>>> Shut the fuck up  please~~
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> 2006/5/16, 0x80@xxxxxxx <0x80@xxxxxxx>:
>>>>>>>             
>>>>>>>> Ahhh there is a mature response.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, 11 May 2006 20:14:49 -0700 ". Solo"
>>>>>>>>               
>>>>> <soloaway@xxxxxxxxx>
>>>>>         
>>>>>>>> wrote:
>>>>>>>>               
>>>>>>>>> Shut the fuck up!!
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> 2006/5/11, 0x80@xxxxxxx <0x80@xxxxxxx>:
>>>>>>>>>                 
>>>>>>>>>> Shouldnt this be considered low risk and not medium?
>>>>>>>>>>
>>>>>>>>>>                   
>>>>>> Concerned about your privacy? Instantly send FREE secure 
>>>>>>           
>> email,
>>   
>>>>> no account required
>>>>>         
>>>>>> http://www.hushmail.com/send?l=480
>>>>>>
>>>>>> Get the best prices on SSL certificates from Hushmail
>>>>>> https://www.hushssl.com?l=485
>>>>>>
>>>>>> _______________________________________________
>>>>>> Full-Disclosure - We believe in it.
>>>>>> Charter: http://lists.grok.org.uk/full-disclosure-
>charter.html
>>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>
>>>>>>           
>>>>> _______________________________________________
>>>>> Full-Disclosure - We believe in it.
>>>>> Charter: http://lists.grok.org.uk/full-disclosure-
>charter.html
>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>         
>>>>
>>>> Concerned about your privacy? Instantly send FREE secure 
>email, 
>>>>       
>>> no
>>> account required
>>>     
>>>> http://www.hushmail.com/send?l=480
>>>>
>>>> Get the best prices on SSL certificates from Hushmail
>>>> https://www.hushssl.com?l=485
>>>>
>>>> _______________________________________________
>>>> Full-Disclosure - We believe in it.
>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>
>>>>
>>>> __________ NOD32 1.1550 (20060520) Information __________
>>>>
>>>> This message was checked by NOD32 antivirus system.
>>>> http://www.eset.com
>>>>
>>>>
>>>>
>>>>       
>>
>>
>>
>> Concerned about your privacy? Instantly send FREE secure email, 
>no account required
>> http://www.hushmail.com/send?l=480
>>
>> Get the best prices on SSL certificates from Hushmail
>> https://www.hushssl.com?l=485
>>
>>
>>
>> __________ NOD32 1.1551 (20060521) Information __________
>>
>> This message was checked by NOD32 antivirus system.
>> http://www.eset.com
>>
>>
>>
>>



Concerned about your privacy? Instantly send FREE secure email, no account 
required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Microsoft MSDTC NdrAllocate Validation Vulnerability
Next by Date: [Full-disclosure] [SECURITY] [DSA 1069-1] New Linux kernel 2.4.18 packages fix several vulnerabilities
Previous by thread: Re: [Full-disclosure] Microsoft MSDTC NdrAllocate Validation Vulnerability
Next by thread: [Full-disclosure] [SECURITY] [DSA 1055-1] New Mozilla Firefox packages fix arbitrary code execution
Index(es):
- Date
- Thread