Full Disclosure mailing list archives

Re: Secunia Research: Microsoft Excel Record Parsing Input Validation Vulnerability

From: Paul Heinlein <heinlein () madboa com>
Date: Tue, 8 Jun 2010 17:49:40 -0700 (PDT)

On Tue, 8 Jun 2010, Secunia Research wrote:

======================================================================

                    Secunia Research 08/06/2010

 - Microsoft Excel Record Parsing Input Validation Vulnerability -

======================================================================

======================================================================
2) Severity

Rating: Highly critical
Impact: System compromise
Where:  Remote

======================================================================
6) Time Table

04/12/2009 - Vendor notified.
04/12/2009 - Vendor response.
11/01/2010 - Status update requested.
12/01/2010 - Vendor provides status update.
30/03/2010 - Vendor provides status update.
27/04/2010 - Vendor provides status update.
26/05/2010 - Vendor provides status update.
08/06/2010 - Public disclosure.


15.75 months to respond to a critical vulnerability in one of the most 
widely used business applications the world has seen? w00t.

-- 
Paul Heinlein <> heinlein () madboa com <> www.madboa.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Secunia Research: Microsoft Excel Record Parsing Input Validation Vulnerability Secunia Research (Jun 08)
- Re: Secunia Research: Microsoft Excel Record Parsing Input Validation Vulnerability Paul Heinlein (Jun 08)
  - Re: Secunia Research: Microsoft Excel Record Parsing Input Validation Vulnerability Nick FitzGerald (Jun 08)