Full Disclosure mailing list archives
Re: Re: Microsoft MCWNDX.OCX ActiveX buffer overflow
From: "Steven M. Christey" <coley () mitre org>
Date: Fri, 15 Aug 2003 17:09:25 -0400 (EDT)
Georgi Guninski said:
So you are collecting 0days for free, put them in a lame database and whine more than a script kiddie this is a hard job?
I don't view it that way. 1) CVE is not a vulnerability database, per the FAQ on the CVE web site at http://cve.mitre.org/about/faq.html#A7 (though we are not blind to the fact that some people try to use it as a database anyways). The issues that we deal with in CVE have a bit of overlap with database maintainers. 2) In the past I have described the "0-day" aspects of CVE candidate number assignment, which includes situations in which CANs are assigned without MITRE involvement: http://lists.netsys.com/pipermail/full-disclosure/2003-January/003601.html 3) I have spoken in the past of the challenges in maintaining vulnerability databases, e.g. at: http://lists.netsys.com/pipermail/full-disclosure/2002-July/000186.html and in several other cases have commented on accuracy or consistency problems in vulnerability reports. I think of this as sharing information and experiences for those who may find it useful, as opposed to "whining." - Steve _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: +++++SPAM+++++ RE: Microsoft urging users to buy Harware Firewalls, (continued)
- Re: +++++SPAM+++++ RE: Microsoft urging users to buy Harware Firewalls Michael Scheidell (Aug 14)
- RE: +++++SPAM+++++ RE: Microsoft urging users to buyHarware Firewalls Simon (Aug 14)
- Re: Microsoft urging users to buy Harware Firewalls Nathan Seven (Aug 13)
- Re: Microsoft urging users to buy Harware Firewalls Sebastian Niehaus (Aug 14)
- Re: Microsoft urging users to buy Harware Firewalls Joey (Aug 14)
- Re: Re: Microsoft MCWNDX.OCX ActiveX buffer overflow Georgi Guninski (Aug 15)
- Re: Microsoft MCWNDX.OCX ActiveX buffer overflow Matthew Murphy (Aug 15)
- RE: Microsoft MCWNDX.OCX ActiveX buffer overflow Drew Copley (Aug 15)