Full Disclosure mailing list archives
[TZO-22-2020] Qihoo360 | GDATA | Rising | Command Generic Malformed Archive Bypass
From: Thierry Zoller <thierry () zoller lu>
Date: Mon, 24 Feb 2020 12:37:45 +0100
________________________________________________________________________ From the lets-try-it-this-way Department Qihoo360 | GDATA | Rising | Webroot | Dr Web Generic Archive Bypass ________________________________________________________________________ Release mode : Vendors do not react / Reverse Coordination AttemptRef : [TZO-22-2020] - Qihoo360, GDATA, Escan, Rising, Command, K7 Computing, Ahnlab, Dr. Web, Webroot
Status : Unpatched Dislosure Policy: https://caravelahq.com/b/policy/20949 1. Summary ==========Deviating from my Disclosure policy : Situations where the time it takes to discover a vulnerability is inferior to the time spend to coordinate it call for a new way to approach vulnerability coordination. I call it reverse coordination. As these are mostly low risk findings I personally do not have any issues with proceeding that way.
2. Description ==============Qihoo360, GDATA, Escan, Rising, Command, K7 Computing, Ahnlab, Dr. Web, Webroot
3. Coordination ===============Unless Qihoo, respectively GDATA, Escan, Rising, Command, K7 Computing, Ahnlab, Dr. Web, Webroot get into touch within the next 21 days, I will proceed to publish the vulnerabilities on this very list without any further communication attempt. Many attempts have been made.
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- [TZO-22-2020] Qihoo360 | GDATA | Rising | Command Generic Malformed Archive Bypass Thierry Zoller (Feb 27)