Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: MSIE (mshtml.dll) OBJECT tag vulnerability

From: "Pedro Hugo" <fractalg () highspeedweb net>
Date: Thu, 27 Apr 2006 09:06:04 -0400 (EDT)
  "Just who does he think he is? [...] Zalewski may think he's some sort

of hero disclosing this information, but his is the act of a vandal.
If

  it turns out that the bug is exploitable and abused before it's

patched,

  then perhaps he'll be proud to be remembered for that."


He is what he wants to be... Afaik, there are no laws about disclosure.
Everyone does what he thinks it's best, even if it's best only for himself
(like Adam Smith "said", everyone acts on their own interest).
The bug requires user interaction. If most users are too stupid to click
anything, the problem will not be solved with patching.
And, even with patches, can you estimate what percentage of systems which
are patched right away ? Yeah, most aren't!

No sysadmin likes to be catched by surprise with security problems. But,
life isn't always perfect !



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: