RE: Fonts of fun

["Marc Maiffret" <mmaiffret () eeye com>]

Hey Piotr, as recently emailed sorry about that. Dumb mistake that
should have been caught, one of the releases that did not go under my
personal radar. Eitherway good find on the bug, as also previously
mentioned. Hopefully it further illustrates that bugs can be found by
multiple people, whether a week apart or over 150 days apart. Zeroday is
alive and kickin

-Marc

> -----Original Message-----
> From: Piotr Bania [mailto:bania.piotr () gmail com] 
> Sent: Wednesday, January 11, 2006 7:36 AM
> To: dailydave () lists immunitysec com; dave () immunitysec com
> Subject: Re: [Dailydave] Fonts of fun
>
>
> Hi,
>
>  >...
>  >eEye's newsletter today said this about it:
>  >"Details of this flaw were first released today in 
> conjunction with  >the Microsoft patch and within minutes, 
> other researchers had reverse  >engineered the Microsoft 
> patch and shared the details online, which  >means that this 
> flaw may very well be used in an attack.  The attack  >vector 
> of this flaw is similar to the WMF flaw, in that a user must  
> > visit a malicious website containing the malicious font file."
>  >...
>  >It's clear that Piotr did not "reverse engineer the  
> > patch". He'd obviously had the bug for some time  >...
>
> Nothing more to say.
>
> best regards,
> Piotr Bania
>
> --
> --------------------------------------------------------------------
> Piotr Bania - <bania.piotr () gmail com> - 0xCD, 0x19
> Fingerprint: 413E 51C7 912E 3D4E A62A  BFA4 1FF6 689F BE43 
> AC33 http://www.piotrbania.com  - Key ID: 0xBE43AC33
> --------------------------------------------------------------------
>
>                - "The more I learn about men, the more I love dogs."