Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Critical excel vulnerability for sale, read inside.

from [ad@heapoverflow.com] Network Security [Permanent Link]
Subject: [Full-disclosure] Critical excel vulnerability for sale, read inside.
Date: Wed, 11 Jan 2006 23:29:59 +0100 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
It has not been possible for me to reach an agreement with zdi nor
idefense for selling the excel bug because I have publicly warned
about a remote command execution in my forum, I have tried to excuse
me about my selfstarting mistakes in the rssponsible disclosure nor to
explain them then if I find a 2nd excel critical bug , how can I
submit it to them since I have publicly warned about an excel flaw ?
You should reject actually any excel flaw no ?
No that's it , they leave me alone with a critical excel flaw, so I
have no other way now to get paid for my research to leave an announce:

A critical excel flaw is for sale, if you wish to buy it what do you
will have:


- -full advisory (explaining how I have found it , how I exploit it)
- -full poc building a xls file, once this file opened , excel will
arbitrary run regedit.exe, a bindshellcode, or add an admin user.
- -you have all rights on it , since Im alone able to exploit it, you
will trust me, I never share privately, you will be the only owner of it.

if you wish to see what the bug does, I can compute some videos on
demand. And of course if you are willing to buy it , do not offer
something ridiculous.


for any informations , excel_for_sale@heapoverflow.com


note: I know this look like a joke, but I'm serious , I should be paid
for my security research , and I really dont want to help microsoft
for free, the auction is up for whitehats and blackhats, thanks to the
resposible programs on this.
I know I have made a mistake but this was still up to you to stop me.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
 
iQIVAwUBQ8WG5q+LRXunxpxfAQJj3g//bc7pkBjMyBH8tey3XT6FaCIOI4toxdeZ
xeIBVjafFHddvwUIARDEO/FIy3RGNZbfY4O3y+NC+CyhJVc+HcMFplns9AYCutNk
P7WcQ+Ax8KJth4Bo2ol2B53gdLZ6rnSWyp8Xua2GWc9Z9d6rbfrQHZaY9s53j8XP
ITmo4Yoly1A8NnD3m1ZDRN2TrDsaBZQbd97vfi20oHUH41VAN9b/lU3UI9+QC8oo
TZVDVvYi4YTnNEUfWW5CQlJ9+kDxRPfRMhOVMo/oSXgbD/56s5vRHB7eMxakLWBb
jwrdTQ/5S7ez20sK3UIZmV3919TPVHQK0NF4OX8ZpLsHPrguDUUZXXePzMcnnibl
MHGkBVIegCojHyQth8WiHo0adCAoOcuIdFXmaXXFmg3NSstsv6AFQ64fJO7vOJYs
HJ0X5BKHHTPdIElT9Uzbif5UfdARCIOhgcF/e2hXpHX7PJYXahZTUtOYLmfQbIeT
QMRJL8wH1lIAhBJiIWo+ZUJ6YgnovS8YBsffYjtRUVe7e0v+oZsuAp6c4A0XWP7O
rywj7aXT8xsz5mkHGuN9W9EiKq7XgO0d3EGyp0XZcm03CuAriCwLN/exx1bJkcw/
gCsebwGTSHbyzVDyioqjfdNskQwIakmFZvlPGC3+9Rv1aiYogH8CpBOIJgvBvkCW
kmCQMX9ui1Y=
=khwl
-----END PGP SIGNATURE-----


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] Critical excel vulnerability for sale, read inside., ad@heapoverflow.com <=
Previous by Date:  [Full-disclosure] Updated Advisories - Incorrect CVE Information, Advisories
Next by Date:  [Full-disclosure] Fortinet Advisory - Apple QuickTime Player StripOffsets Improper Memory Access, secresearch
Previous by Thread:  [Full-disclosure] Updated Advisories - Incorrect CVE Information, Advisories
Next by Thread:  [Full-disclosure] Fortinet Advisory - Apple QuickTime Player StripOffsets Improper Memory Access, secresearch
Indexes:  [Date] [Thread] [Top] [All Lists]