Full Disclosure mailing list archives

Re: FrSIRT False Alarm

From: "Paul" <pvnick () gmail com>
Date: Sat, 20 Aug 2005 13:33:58 -0400

"Microsoft is concerned that this new report of a vulnerability inInternet

Explorer was not disclosed responsibly, potentially putting computer users

at risk. We continue to encourage responsible disclosure ofvulnerabilities.

We believe the commonly accepted practice of reporting vulnerabilities
directly to a vendor serves everyone's best interests. This practice helps
to ensure that customers receive comprehensive, high-quality updates for
security vulnerabilities without exposure to malicious attackers while the
update is being developed."


Believe it or not, I am in full agreement with this statement.

Regards,
Paul
Greyhats Security
http://greyhatsecurity.org

----- Original Message -----From: <ad () class101 org>

To: <full-disclosure () lists grok org uk>
Sent: Saturday, August 20, 2005 6:13 AM
Subject: Re: [Full-disclosure] FrSIRT False Alarm


MS said:

"Microsoft is concerned that this new report of a vulnerability inInternet

Explorer was not disclosed responsibly, potentially putting computer users

at risk. We continue to encourage responsible disclosure ofvulnerabilities.

We believe the commonly accepted practice of reporting vulnerabilities
directly to a vendor serves everyone's best interests. This practice helps
to ensure that customers receive comprehensive, high-quality updates for
security vulnerabilities without exposure to malicious attackers while the
update is being developed."

http://www.microsoft.com/technet/security/advisory/906267.mspx

chaotic :>

do you have a test page?

No. We used the public exploit to generate a specially crafted page.


Best regards,
FrSIRT / French Security Incident Response Team 24/7
http://www.frsirt.com

-----BEGIN PGP SIGNATURE-----Version: GnuPG v1.4.1 (MingW32)

Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org


iD8DBQFDBew5OjxwThxio44RAoWgAJ9k5+qAasePjIG8OaOe2AFjBKsvjQCfVFuD
I0Yc2oleSNh/jqc8lKRxQp8=
=CAvW

-----END PGP SIGNATURE-----


****************************************************************
KEY: 0xA7C69C5F
PRINT: 694C 3495 BCC4 2F8B D794  6BD4 AF8B 457B A7C6 9C5F
****************************************************************



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html

Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

FrSIRT False Alarm DudeVanWinkle (Aug 19)
- RE: FrSIRT False Alarm Ray P (Aug 19)
- Re: FrSIRT False Alarm naveed (Aug 24)
- <Possible follow-ups>
- RE: FrSIRT False Alarm Todd Towles (Aug 19)
  - Re: FrSIRT False Alarm DudeVanWinkle (Aug 19)
- Re: FrSIRT False Alarm ad (Aug 20)
  - Re: FrSIRT False Alarm Paul (Aug 20)
    - Re: FrSIRT False Alarm ad (Aug 20)
    - Re: FrSIRT False Alarm Thierry Zoller (Aug 20)
    - Re: FrSIRT False Alarm Paul (Aug 20)
    - Re: FrSIRT False Alarm Dave Korn (Aug 22)
    - Re: Re: FrSIRT False Alarm Ill will (Aug 22)
    - Re: FrSIRT False Alarm Ill will (Aug 24)
    - RE: FrSIRT False Alarm Aviv Raff (Aug 25)
    - Re: FrSIRT False Alarm ad (Aug 25)
    - Re: FrSIRT False Alarm Jérôme ATHIAS (Aug 21)