Re: [ALERT] Remote File Execution By Web or Mail: Internet Explorer

[Bill Weiss <houdini () nmt edu>]

Mariusz Mazur(mariusz () isn pl)@Thu, Nov 22, 2001 at 08:09:46PM +0100:
> On 2001-11-21 hush.little.baby () hushmail com wrote the folowyng:
>
> [moderator: since this will probably cause many people to start the nda
> vs full disclosure debate so I guess you won't let it trough. So if you
> don't, it would be nice to give a tip to the list.]
>
>
> Ok... So we know that there is a bug... It's a critical one, ppl can
> "turn it off" by editing something in the registry and Microsoft is
> working hard to fix it. Oh... and we know that for the next 60 days some
> people can cause some damage to me and I have no way to protect myself.
>
> Is this just me or maybe more people think that releasing this
> "advisory" (though this should be called "intimidator") was completely
> irresponsible and plain stupid?

I think the point was to show us that the MS policy is stupid.  There's a
hole, obviously it can be found, but MS doesn't want us to know about
it.