Network Security: Detailed info on Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability

Subject:	Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability
Date:	Fri, 28 Apr 2006 06:36:01 -1000

Subject:

Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability

Date:

Fri, 28 Apr 2006 06:36:01 -1000

On Thu, 27 Apr 2006, Brian Eaton wrote:

Please note that I ask this out of curiousity, and not in an attempt to
be critical. Why not give MSRC a head start of one week?


Michal Zalewski wrote:

Because, among other things I've already mentioned, it will in no way
affect when they're going to release a patch. Their official policy is to
stick to a weird schedule.

Unfortunately, given Microsoft's recent behavior, Michal's right. Further, I too have seen the data showing much faster response times when Microsoft is blindsided. The only question that remains is whether some inherent sense of fairness on the part of the reporter dictates notifying the vendor first, even though it likely won't do any good.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

<Prev in Thread]	Current Thread	[Next in Thread>
RE: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, (continued) RE: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, Michal Zalewski RE: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, Michal Zalewski RE: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, Pedro Hugo Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, str0ke Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, poo Re[2]: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, Thierry Zoller RE: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, Tim Bilbro RE: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, Michal Zalewski Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, Brian Eaton Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, Michal Zalewski Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, Peter Besenbruch <= RE: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, Chris Eagle Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, Sol Invictus Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, Aaron Gray Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, Valdis . Kletnieks Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, Aaron Gray Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, Aaron Gray Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, meta security Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, Tim RE: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, Tim Bilbro Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, 0x80

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, Sol Invictus
Next by Date:	[Full-disclosure] [Argeniss] Alert - Yahoo! Mail XSS vulnerability, Cesar
Previous by Thread:	Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, Michal Zalewski
Next by Thread:	RE: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, Chris Eagle
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, Sol Invictus

Next by Date:

[Full-disclosure] [Argeniss] Alert - Yahoo! Mail XSS vulnerability, Cesar

Previous by Thread:

Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, Michal Zalewski

Next by Thread:

RE: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, Chris Eagle

Indexes:

[Date] [Thread] [Top] [All Lists]