Full Disclosure mailing list archives
RE: MSIE Nested Object Vulnerability Is Exploitable
From: "Strykar" <str () hackerzlair org>
Date: Sun, 30 Apr 2006 04:12:12 +0530
Stop whining and impressing us with your age and lack of schooling, and your opinions about what the list may NOT need. -scene_whore- empire? How much cable do you have? Str -----Original Message----- From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of n3td3v Sent: Sunday, April 30, 2006 3:27 AM To: full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] MSIE Nested Object Vulnerability Is Exploitable On 4/29/06, Secunia Research <vuln-remove () secunia com> wrote:
Microsoft therefore treats this as a privately disclosed vulnerability, thus Secunia will not be releasing any further details before Microsoft
releases a patch for this vulnerability.
Kind regards, Thomas Kristensen CTO Secunia Hammerensgade 4, 2. floor DK-1267 Copenhagen K Denmark Tlf.: +45 7020 5144 Fax: +45 7020 5145 On Fri, 2006-04-28 at 09:33 +0200, Secunia Research wrote:Hello, There has recently been some discussion regarding whether or not the MSIE Nested Object Vulnerability reported by Michal Zalewski is exploitable or not.
Yes, some amougst the script kid population of the list weren't sure if it was exploitable, everyone else with a clue knew it was exploitable, hence the reason MZ disclosed the advisory in the first place. The list doesn't need Secunia verfication of advisories. Infact no one needs your entire Secunia website. I can't wait for John Cartwright to drop you guys as a sponsor. (The biggest mistake he ever made) If the vulnerability is privately disclosed and _isn't_ the same as MZ's then why talk about it in public? Sending an e-mail to MZ and telling him his advisory had uncovered a nest of ants, attached to his original tip off would have be more than adequate. Btw, when are you guys growing your -scene whore- empire? Perhaps Zone-h.org will be your next purchase. All the best, n3td3v _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- MSIE Nested Object Vulnerability Is Exploitable Secunia Research (Apr 28)
- Re: MSIE Nested Object Vulnerability Is Exploitable Secunia Research (Apr 29)
- Re: MSIE Nested Object Vulnerability Is Exploitable n3td3v (Apr 30)
- RE: MSIE Nested Object Vulnerability Is Exploitable Strykar (Apr 30)
- Re: MSIE Nested Object Vulnerability Is Exploitable n3td3v (Apr 30)
- RE: MSIE Nested Object Vulnerability Is Exploitable Strykar (Apr 30)
- Re: MSIE Nested Object Vulnerability Is Exploitable n3td3v (Apr 30)
- Re: MSIE Nested Object Vulnerability Is Exploitable Secunia Research (Apr 29)
- Re: MSIE Nested Object Vulnerability Is Exploitable GroundZero Security (Apr 30)
- Re: MSIE Nested Object Vulnerability Is Exploitable n3td3v (Apr 30)
- Re: MSIE Nested Object Vulnerability Is Exploitable GroundZero Security (Apr 30)