Full Disclosure mailing list archives
RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
From: Scott Taylor <scott%BerthoudWireless.net () berthoudwireless net>
Date: Tue, 10 Feb 2004 22:14:07 -0700
Wow, you pay about as much attention as microsoft does. That 93 is "days overdue", 153 days after it was reported to that cluster of incompetents. It really should read about 150 days overdue, someone apparently felt it was reasonable to take 2 months to release a patch? Besides, thats just the stuff that eeye notified them of, and doesn't take into account reports from everyone else they pretend isn't a problem until it makes headlines on CNN. On Tue, 2004-02-10 at 21:14, Les Ault wrote:
Apparently there are 7 upcoming advisories, and the oldest one is 93 days old. Link: http://www.eeye.com/html/Research/Upcoming/index.html -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Richard M. Smith Sent: Tuesday, February 10, 2004 9:41 PM To: full-disclosure () lists netsys com Subject: RE: [Full-disclosure] EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Hi Marc, >>> Date Reported: July 25, 2003 Given that it took Microsoft almost 6 months to fix this problem, I'm wondering how many other Eeye security holes are in the queue that Microsoft is currently working on. Enquiring minds would like to know! ;-) Richard _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
-- Scott Taylor - <scott () BerthoudWireless net> "Nature abhors a Vacuum" -- Brian Behlendorf on OSS (Open Sources, 1999 O'Reilly and Associates)
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Marc Maiffret (Feb 10)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Papp Geza (Feb 10)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Richard M. Smith (Feb 10)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Byron Copeland (Feb 10)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Les Ault (Feb 10)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Byron Copeland (Feb 10)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Benjamin Meade (Feb 10)
- Microsoft credit policy (was: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption) Spiro Trikaliotis (Feb 11)
- Re: Microsoft credit policy (was: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption) CHS (Feb 11)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption J. Theriault (Feb 10)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Scott Taylor (Feb 11)
- Re: EEYE: Microsoft ASN.1 Library LengthOverflow Heap Corruption Tim Kowalsky (Feb 11)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Damian Gerow (Feb 10)
- <Possible follow-ups>
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption http-equiv () excite com (Feb 10)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Philippe (Feb 11)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Philippe (Feb 11)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Joao Gouveia (Feb 11)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption jeremy (Feb 11)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption webheadport80 (Feb 11)