Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: iDEFENSE Security Advisory 07.12.04: Adobe Reader 6.0 Filename Handler Buffer Overflow Vulnerability
From: "iDefense Labs" <labs () iDefense com>
Date: Mon, 12 Jul 2004 17:24:13 -0400

Cary,

The discovery date is a typo and has been corrected on our website:

http://www.idefense.com/application/poi/display?id=116&type=vulnerabilit
ies

The corrected timeline is:

02/02/2004   Exploit discovered by iDEFENSE
03/11/2004   Initial vendor notification
03/11/2004   Initial vendor response
03/11/2004   iDEFENSE clients notified
06/07/2004   Vendor update released
07/12/2004   Public Disclosure

Greg pointed out my error shortly after the advisory was sent.

Regards,

Michael Sutton
Director, iDEFENSE Labs

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Cary Barker
Sent: Monday, July 12, 2004 3:27 PM
To: Full-Disclosure () lists netsys com
Subject: RE: [Full-disclosure] iDEFENSE Security Advisory 07.12.04:
Adobe Reader 6.0 Filename Handler Buffer Overflow Vulnerability


<snip>
02/02/2003   Exploit discovered by iDEFENSE
03/11/2004   Initial vendor notification
<snip>

Is that initial notification date a typo or did they sit on it for over
a year before notifying the vendor?

Cary Barker
Network Security Administrator
Campbell & Company, Inc.

-----Original Message-----
From: idlabs-advisories () idefense com
[mailto:idlabs-advisories () idefense com] 
Sent: Monday, July 12, 2004 10:50 AM
To: idlabs-advisories () idefense com
Subject: [Full-disclosure] iDEFENSE Security Advisory 07.12.04: Adobe
Reader 6.0 Filename Handler Buffer Overflow Vulnerability

<snip>



______________________________________________________________________
Campbell & Company, Inc.:  The information in this e-mail may contain
privileged/confidential information.  If you are not the intended
recipient, you must not read, use, copy or disseminate the information
or take any action in reliance thereupon.  If you have received this
e-mail in error, please notify Campbell & Company, Inc. immediately by
e-mail or telephone and delete the e-mail and any attachments from any
computer.  The information in this e-mail does not constitute an offer
to sell or the solicitation of an offer to buy any securities in any
jurisdiction or for the benefit of any person.  
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]