[Full-Disclosure] RE: Full-disclosure: JEPG Hype or Hope?

["RandallM" <randallm () fidmail com>]

What exactly would one gain by creating a PoC on this exploit?
How exactly does this compare to meaningful disclosures that were
revealed because someone would not listen or ignored the warnings
of their security vulnerability.

I mean, this is nothing like a program goof that allows clear-text
Passwords or exposes files or the like. This exploit (if it can be
called that) took a lot of thought to create it and exploit it.

Correct me if I'm wrong but it does not fall in to the category
of "exploit" as defined by this list. This was truly a "created Exploit" 
that would not be their otherwise. This took intelligent input.

This is nothing more then a black-hat attack. It is not a meaningful
revealing of poor security as I've seen defined on this list.

<|>--__--__--
<|>
<|>Message: 13
<|>From: "i.t " <fulldis () it97 dyndns org>
<|>Organization: i.t consulting
<|>To: full-disclosure () lists netsys com
<|>Date: Sun, 26 Sep 2004 11:57:33 +0200
<|>Subject: [Full-disclosure] Re: MS04-028 Jpeg EXPLOIT - msn
<|>
<|>
<|>> On Saturday 25 September 2004 16:59, raza wrote:
<|>> > I just compiled this and it works well..
<|>> >
<|> ...
<|>> yes and it works very well.
<|>> > I can see this ones gaana be fun...
<|>> We'll have a worm within days.

<|>
<|>for nearly all of my clients using win xp I've deinstalled 
<|>win messenger.
<|>one urgently wanted it back for communicating in real-time; 
<|>and, of course, 
<|>it's much more fun seeing a live picture of the 
<|>counterpart(s) in the chat 
<|>window...
<|>
<|>even having installed sp2 and the newest patches plus AV I 
<|>can imagine a virus 
<|>spreading within those pictures throughout the whole msn and so on...
<|>any other defense?
<|>or ist this too much paranoia?
<|>
<|>i.t
<|>
<|>
<|>--__--__--

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html