Re: xp sp3 remote bof

["Thor (Hammer of God)" <thor () hammerofgod com>]

Sure you can.  Email secure () microsoft com<mailto:secure () microsoft com> and let them know what the problem is, 
"real" address or not.  Make a fake one, it doesn't matter.  That would be "responsible disclosure."

t

From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of 
elfius
Sent: Thursday, June 16, 2011 11:50 AM
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] xp sp3 remote bof

Hi guys,

I'm pretty new in these parts, and to the scene in general, but I've been doing low level dev for a while. Anyway 
introductions aside, I have a somewhat stable remote bof poc for xp sp3 (which I'm not going to go into detail about), 
and I've signed up to this list to ask the security community what I should do. I figured I can't just email Microsoft 
from my personal email address, and I wouldn't even know who to email at Microsoft. So I'm open to the advice of those 
a bit more experienced.
ciao,
chown

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/