Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: RE: new internet explorer exploit (was new worm)
From: "Drew Copley" <dcopley () eeye com>
Date: Mon, 29 Mar 2004 17:14:12 -0800


-----Original Message-----
From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu] 
Sent: Monday, March 29, 2004 4:53 PM
To: Drew Copley
Cc: Jelmer; full-disclosure () lists netsys com; 
bugtraq () securityfocus com
Subject: Re: [Full-disclosure] RE: new internet explorer 
exploit (was new worm) 

On Mon, 29 Mar 2004 11:44:12 PST, Drew Copley 
<dcopley () eeye com>  said:

Yeah. It is a zero day worm, and it is very notable as such.  

I can not recall a previous zero day worm. (AV is not my 
job, but I do
try and follow zero day.)

Hence, IE has birthed us the first zero day worm.

Has anybody offered the Microsoft dude who denied the 
existence of 0-days
some ketchup for his fried crow? ;)

I do not recall this quote. Such a quote would be patently untrue even
from the viewpoint of legitimate researchers that have open bugs with
them. Such bugs are "zero day", though the vendor may be aware of them. 

Further, of course, it would be impossible to prove that "zero day do
not exist", though you can prove that "zero day do exist" -- but then,
they wouldn't truly be "zero day" now, would they? 

The webdav bug of last year was a nice example of zero day in a major
Microsoft application being used by a malicious attacker. (Against the
US military, no less. Kudos to the US military admins. )

Though one should not create a trend from such a small sample... it is
definitely safe to say that "this is a trend"... considering the obvious
factors behind it.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]