Full Disclosure mailing list archives

Re: IE7 Zero Day

From: <0x80 () hush ai>
Date: Fri, 5 May 2006 09:01:02 -0700

I do not support nor do I wish to participate in anything iDefense 
does.  They are the original parasites of your industry.


On Fri, 05 May 2006 02:14:49 -0700 Thor Larholm 
<thor.larholm () futurematch dk> wrote:

Sell it to iDefense through their VCP program. A reproduceable 
code 
execution vulnerability will fetch you anywhere between $1.000 to 
$10.000. With the uncertainty of whether this makes it into IE7 
final 
I'm guessing you'll get 2-3K.

http://labs.idefense.com/vcp.php

Say hi to Ken Dunham or Michael Sutton from me :)

Cheers
Thor Larholm

0x80 () hush ai wrote:

Yes, this is a beta product but I have reason to believe that

this

issue will not be discovered of fixed by M$ before it goes to

gold.

Why do I believe this?  Because the issue is found in IE 6 but 
doesnt seem to exploit.  Not saying it is not exploitable I am 
saying that I cant make it exploit.

I work as a pizza delivery driver at night and work part time 
landscaping in my days.  So I feel it is only fair that I be 
compensated for this vulnerability.

Highest bidder that can convince me that you will actually pay 
wins.



Concerned about your privacy? Instantly send FREE secure email,

no account required

http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



-- 
Med venlig hilsen

Thor Larholm
CFO, Futurematch ApS
+45 3123 5504




Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: IE7 Zero Day, (continued)
- - Re: IE7 Zero Day xyberpix (May 07)
  - Re: IE7 Zero Day c0redump (May 07)
- Re: IE7 Zero Day 0x80 (May 04)
  - Re: IE7 Zero Day sk (May 05)
  - Re: IE7 Zero Day FRLinux (May 05)
- Re: IE7 Zero Day 0x80 (May 04)
- Re: IE7 Zero Day 0x80 (May 04)
  - Re: IE7 Zero Day Randal T. Rioux (May 04)
- Re: IE7 Zero Day 0x80 (May 04)
  - Re: IE7 Zero Day ad () heapoverflow com (May 05)
- Re: IE7 Zero Day 0x80 (May 05)
  - Re: IE7 Zero Day Valdis . Kletnieks (May 05)
    - Re: IE7 Zero Day Ron DuFresne (May 05)
- Re: IE7 Zero Day 0x80 (May 05)
- Re: IE7 Zero Day 0x80 (May 05)
  - Re: IE7 Zero Day Ryan Whelan (May 05)
- Re: IE7 Zero Day 0x80 (May 05)
  - Re: IE7 Zero Day daniel uriah clemens (May 05)
- Re: IE7 Zero Day Dave Alanis (May 05)
- Re: IE7 Zero Day 0x80 (May 06)
  - Re: IE7 Zero Day FRLinux (May 06)

(Thread continues...)