[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Secunia Research: Microsoft Excel Record Parsing Input Validation Vulnerability
- To: Secunia Research <remove-vuln@xxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Secunia Research: Microsoft Excel Record Parsing Input Validation Vulnerability
- From: Paul Heinlein <heinlein@xxxxxxxxxx>
- Date: Tue, 8 Jun 2010 17:49:40 -0700 (PDT)
On Tue, 8 Jun 2010, Secunia Research wrote:
> ======================================================================
>
> Secunia Research 08/06/2010
>
> - Microsoft Excel Record Parsing Input Validation Vulnerability -
>
> ======================================================================
>
> ======================================================================
> 2) Severity
>
> Rating: Highly critical
> Impact: System compromise
> Where: Remote
>
> ======================================================================
> 6) Time Table
>
> 04/12/2009 - Vendor notified.
> 04/12/2009 - Vendor response.
> 11/01/2010 - Status update requested.
> 12/01/2010 - Vendor provides status update.
> 30/03/2010 - Vendor provides status update.
> 27/04/2010 - Vendor provides status update.
> 26/05/2010 - Vendor provides status update.
> 08/06/2010 - Public disclosure.
15.75 months to respond to a critical vulnerability in one of the most
widely used business applications the world has seen? w00t.
--
Paul Heinlein <> heinlein@xxxxxxxxxx <> www.madboa.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/