Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SecNiche : Microsoft Internet Explorer Pop up Blocker Bypassing and Dos Vulnerability

From: Pranay Kanwar <warl0ck () metaeye org>
Date: Fri, 17 Aug 2007 12:57:33 +0530
I fully agree with your explanation and reason on the JWIG issue.

regards

warl0ck // MSG

Steven M. Christey wrote:

On Fri, 17 Aug 2007, Pranay Kanwar wrote:


Frankly i now feel, that its not SecNiche's fault entirely, it has got a
lot of encouragement from its past invalid and absurd claims.

Such as

_JWIG Context Dependent Template Calling Denial of Service Vulnerability._
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3816
http://www.securityfocus.com/bid/24974
http://xforce.iss.net/xforce/xfdb/35515


I characterized this as a design limitation that could become an issue in
applications that are written using JWIG, not JWIG itself:

  http://seclists.org/fulldisclosure/2007/Jul/0580.html

Yet nobody followed up on this to dispute my assessment or agree with it.
What is your opinion?



Also i am pretty sure the above links will stay forever and i don't suppose i
have to explain why.


The CVEs will remain as a record of a report that was heavily disputed;
unlike other vuln DBs, CVE and OSVDB don't just erase records when an
issue is disputed.  We want a provable resolution to such disputes, if one
ever arises.

- Steve



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: