Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IE7 Zero Day

From: <0x80 () hush ai>
Date: Tue, 9 May 2006 17:01:03 -0700
But not a big enough threat to outbid the highest bidder who 
incidentally will be recieing full PoC by morning.



On Mon, 08 May 2006 18:04:02 -0700 n3td3v <n3td3v () gmail com> wrote:

On 5/8/06, 0x80 () hush ai <0x80 () hush ai> wrote:

There is no skin to save.  No law is being broken and I am not
holding anyone ransom.

Microsoft is not the only vendor that can fix this bug either, 

it

would be easy to patch the DLLs involved.

No one is monitoring anything because I have not broken any laws 



in

any country.  You reply simply dances around the issue because 

as

usual, you have zero idea what you are talking about.


Symantec see you as threat:

"

ThreatCon Level is 1

A researcher has made a post to the Full-Disclosure mailing list
claiming that he has discovered two unknown and unpatched
vulnerabilities in Microsoft Internet Explorer 7, which is 
currently
in beta. He also states that at least one of the issues is present 



in
Microsoft Internet Explorer version 6.x, but circumstances unknown 



to
the researcher prevent him from being able to successfully exploit 



it.
The discoverer of these issues has stated that they will be 
privately
sold to the highest bidder. Internet Explorer 7 is beta software, 
and
as such, should not be used on sensitive systems. Though the
possibility of exploitation against version 6.x may exist, it 
should
always be assumed that there may be latent vulnerabilities in 
client
software. Users are advised to employ best practices such as 
avoiding
untrusted websites, links from untrusted sources, and running such
software with the least possible privileges.


"
http://www.symantec.com/avcenter/threatcon/learnabout.html

Regards,

n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: