Re: Microsoft MSDTC NdrAllocate Validation Vulnerability

[<0x80 () hush ai>]

Damn hushmail.

$18,500.00 US was the final selling price.  They offered a bit more 
for exlusivity for any future bugs but I turned them down.  The 
buyer wishes to remain anonymous.

All funds have been recieved in my account.  More bugs are coming 
soon.

On Sat, 20 May 2006 19:26:04 -0700 "ad () heapoverflow com" 
<ad () heapoverflow com> wrote:
> try to check the list archive which got it correctly
>
> http://lists.grok.org.uk/pipermail/full-disclosure/2006-
> May/046196.html
>
>
> huhu
>
>
> 0x80 () hush ai wrote:
> > What is with the constant blank replies from this guy?  Is he a 
> > chink who doesn't know how to use email?
> >
> > On Sat, 20 May 2006 16:47:10 -0700 "ad () heapoverflow com" 
> > <ad () heapoverflow com> wrote:
> >   
> > > 0x80 () hush ai wrote:
> > >     
> > > > I sold both of them to the same buyer and we figured out why I
> > > > wasn't able to exploit it on IE 6.0.
> > > >
> > > > On Wed, 17 May 2006 01:48:38 -0700 Rajesh V 
> <rvarada () gmail com>
> > > > wrote:
> > > >       
> > > > > Since this has turned into a spam thread anyway, does anyone 
> > > > >         
> > > know
> > >     
> > > > > whatever happend to that IE7 exploit this guy was trying to 
> > > > >         
> > sell
> >   
> > > > > here?
> > > > >
> > > > >
> > > > >
> > > > > On 5/17/06, 0x80 () hush ai <0x80 () hush ai> wrote:
> > > > >         
> > > > > > AM I BUGGING YOU?  AM I BUGGING YOU?  AM I BUGGING YOU?  AM 
> I
> > > > > > BUGGING YOU?  AM I BUGGING YOU?  AM I BUGGING YOU?  AM I 
> > > > > >           
> > > BUGGING
> > >     
> > > > > > YOU?  AM I BUGGING YOU?  AM I BUGGING YOU?  AM I BUGGING 
> YOU? 
> > > > > >           
> > > > > AM I
> > > > >         
> > > > > > BUGGING YOU?  AM I BUGGING YOU?  AM I BUGGING YOU?  AM I 
> > > > > >           
> > > BUGGING
> > >     
> > > > > > YOU?  AM I BUGGING YOU?  AM I BUGGING YOU?  AM I BUGGING 
> YOU? 
> > > > > >           
> > > > > AM I
> > > > >         
> > > > > > BUGGING YOU?  AM I BUGGING YOU?  AM I BUGGING YOU?  AM I 
> > > > > >           
> > > BUGGING
> > >     
> > > > > > YOU?  AM I BUGGING YOU?  AM I BUGGING YOU?  AM I BUGGING 
> YOU? 
> > > > > >           
> > > > > AM I
> > > > >         
> > > > > > BUGGING YOU?
> > > > > >
> > > > > > On Tue, 16 May 2006 00:57:27 -0700 ". Solo" 
> > > > > >           
> > > <soloaway () gmail com>
> > >     
> > > > > > wrote:
> > > > > >           
> > > > > > > Shut the fuck up  please~~
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > 2006/5/16, 0x80 () hush ai <0x80 () hush ai>:
> > > > > > >             
> > > > > > > > Ahhh there is a mature response.
> > > > > > > >
> > > > > > > >
> > > > > > > > On Thu, 11 May 2006 20:14:49 -0700 ". Solo"
> > > > > > > >               
> > > > > <soloaway () gmail com>
> > > > >         
> > > > > > > > wrote:
> > > > > > > >               
> > > > > > > > > Shut the fuck up!!
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > 2006/5/11, 0x80 () hush ai <0x80 () hush ai>:
> > > > > > > > >                 
> > > > > > > > > > Shouldnt this be considered low risk and not medium?
> > > > > > > > > >
> > > > > > > > > >                   
> > > > > > Concerned about your privacy? Instantly send FREE secure 
> > > > > >           
> > email,
> >   
> > > > > no account required
> > > > >         
> > > > > > http://www.hushmail.com/send?l=480
> > > > > >
> > > > > > Get the best prices on SSL certificates from Hushmail
> > > > > > https://www.hushssl.com?l=485
> > > > > >
> > > > > > _______________________________________________
> > > > > > Full-Disclosure - We believe in it.
> > > > > > Charter: http://lists.grok.org.uk/full-disclosure-
> charter.html
> > > > > > Hosted and sponsored by Secunia - http://secunia.com/
> > > > > >
> > > > > >           
> > > > > _______________________________________________
> > > > > Full-Disclosure - We believe in it.
> > > > > Charter: http://lists.grok.org.uk/full-disclosure-
> charter.html
> > > > > Hosted and sponsored by Secunia - http://secunia.com/
> > > > >         
> > > >
> > > > Concerned about your privacy? Instantly send FREE secure 
> email, 
> > > >       
> > > no
> > > account required
> > >     
> > > > http://www.hushmail.com/send?l=480
> > > >
> > > > Get the best prices on SSL certificates from Hushmail
> > > > https://www.hushssl.com?l=485
> > > >
> > > > _______________________________________________
> > > > Full-Disclosure - We believe in it.
> > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > > Hosted and sponsored by Secunia - http://secunia.com/
> > > >
> > > >
> > > > __________ NOD32 1.1550 (20060520) Information __________
> > > >
> > > > This message was checked by NOD32 antivirus system.
> > > > http://www.eset.com
> > > >
> > > >
> > > >
> > > >       
> >
> >
> >
> > Concerned about your privacy? Instantly send FREE secure email, 
> no account required
> > http://www.hushmail.com/send?l=480
> >
> > Get the best prices on SSL certificates from Hushmail
> > https://www.hushssl.com?l=485
> >
> >
> >
> > __________ NOD32 1.1551 (20060521) Information __________
> >
> > This message was checked by NOD32 antivirus system.
> > http://www.eset.com



Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/