Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] MSIE Nested Object Vulnerability Is Exploitable

from [n3td3v] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] MSIE Nested Object Vulnerability Is Exploitable
Date: Sat, 29 Apr 2006 23:14:15 +0100
On 4/28/06, Secunia Research <vuln-remove@secunia.com> wrote: 
Hello,

There has recently been some discussion regarding whether or not the
MSIE Nested Object Vulnerability reported by Michal Zalewski is
exploitable or not.

Link to Michal Zalewski Full-Disclosure Posting:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-
April/045422.html

Because of this, Secunia has received several enquiries and comments
about the "Highly critical" rating of this advisory (SA19762) as no
proof of exploitation has been publicly disclosed.

In response to this, we would like to stress that Secunia has developed
a working exploit for this vulnerability. This exploit will not be
disclosed publicly, but was sent to Microsoft on Wednesday 2006-04-26.
The advisory rating of "Highly critical" and "System access" impact is
therefore fully justified.

Kind regards,

Thomas Kristensen
CTO

Secunia
Hammerensgade 4, 2. floor
DK-1267 Copenhagen K
Denmark

Tlf.: +45 7020 5144
Fax:  +45 7020 5145


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Rofl,

So basically you're saying:

Secunia Originally Believed MZ's vulnerability disclosure _was_
exploitable, but now you're saying, opps! Secunia made a mistake, the
REAL professionals at Microsoft had to tell us infact,your so called
exploitable MZ disclosure is now unrelated to MZ's advisory
disclosure.

So infact Secunia have just admitted they don't actually have a clue,
and that your original "MZ's vulnerability is exploitable" is now
void?

Does Secunia with their pathetic "verification" of advisories have any
credibility left if you ever had any?

I guess you still haevn't figured out how to exploit MZ's advisory then?

You guys have a lot going for you, and the fact you guys are sponsor
of a major international mailing list is laughable.

Regards,

n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] MSIE Nested Object Vulnerability Is Exploitable, n3td3v
Next by Date:  RE: [Full-disclosure] MSIE Nested Object Vulnerability Is Exploitable, Strykar
Previous by Thread:  RE: [Full-disclosure] MSIE Nested Object Vulnerability Is Exploitable, Strykar
Next by Thread:  Re: [Full-disclosure] MSIE Nested Object Vulnerability Is Exploitable, GroundZero Security
Indexes:  [Date] [Thread] [Top] [All Lists]