Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Full-disclosure] MSIE Nested Object Vulnerability Is Exploitable

from [Strykar] Network Security [Permanent Link]
Subject: RE: [Full-disclosure] MSIE Nested Object Vulnerability Is Exploitable
Date: Sun, 30 Apr 2006 04:12:12 +0530 
Stop whining and impressing us with your age and lack of schooling, and your
opinions about what the list may NOT need.

-scene_whore- empire?
How much cable do you have?



Str





-----Original Message-----
From: full-disclosure-bounces@lists.grok.org.uk
[mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of n3td3v
Sent: Sunday, April 30, 2006 3:27 AM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] MSIE Nested Object Vulnerability Is
Exploitable

On 4/29/06, Secunia Research <vuln-remove@secunia.com> wrote:

Microsoft therefore treats this as a privately disclosed vulnerability,
thus Secunia will not be releasing any further details before Microsoft

 releases a patch for this vulnerability.


Kind regards,

Thomas Kristensen
CTO

Secunia
Hammerensgade 4, 2. floor
DK-1267 Copenhagen K
Denmark

Tlf.: +45 7020 5144
Fax:  +45 7020 5145

On Fri, 2006-04-28 at 09:33 +0200, Secunia Research wrote:

Hello,

There has recently been some discussion regarding whether or not the
MSIE Nested Object Vulnerability reported by Michal Zalewski is
exploitable or not.


Yes, some amougst the script kid population of the list weren't sure
if it was exploitable, everyone else with a clue knew it was
exploitable, hence the reason MZ disclosed the advisory in the first
place.

The list doesn't need Secunia verfication of advisories. Infact no one
needs your entire Secunia website.

I can't wait for John Cartwright to drop you guys as a sponsor. (The
biggest mistake he ever made)

If the vulnerability is privately disclosed and _isn't_ the same as
MZ's then why talk about it in public?

Sending an e-mail to MZ and telling him his advisory had uncovered a
nest of ants, attached to his original tip off would have be more than
adequate.

Btw, when are you guys growing your -scene whore- empire? Perhaps
Zone-h.org will be your next purchase.

All the best,

n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] MSIE Nested Object Vulnerability Is Exploitable, n3td3v
Next by Date:  Re: [Full-disclosure] Should I Be Worried?, Steve Kudlak
Previous by Thread:  Re: [Full-disclosure] MSIE Nested Object Vulnerability Is Exploitable, n3td3v
Next by Thread:  Re: [Full-disclosure] MSIE Nested Object Vulnerability Is Exploitable, n3td3v
Indexes:  [Date] [Thread] [Top] [All Lists]