Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

re: 0-day for sale on ebay

From: security curmudgeon <jericho () attrition org>
Date: Fri, 9 Dec 2005 12:36:17 -0500 (EST)


: They have even assigned a CVE entry for this: 
: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-4131
: 
: Some interesting references with a screenshot included too.

Microsoft has verified the bug is legitimate though:

http://www.eweek.com/article2/0,1759,1899697,00.asp?kc=EWRSS03129TX1K0000614

heBay Pulls Bidding for MS Excel Vulnerability
By Ryan Naraine
December 9, 2005

Whats the retail value of a security vulnerability in Microsoft Corp.s 
Excel spreadsheet program? At last check: $53 and counting.

An unknown security researcher chose a novel way to issue a warning for a 
code execution flaw in Excelposting it for sale on eBay. But the auction 
was pulled late Thursday after discussions between Microsoft and eBay 
Inc.

When the auction was squashed, the bidding had reached $53 and had 
attracted 19 offers.

A spokeswoman for Microsoft confirmed that the eBay listing was indeed a 
legitimate security flaw in Excel.

[..] 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: