Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: MSIE (mshtml.dll) OBJECT tag vulnerability
From: "Brian Eaton" <eaton.lists () gmail com>
Date: Thu, 27 Apr 2006 19:19:14 -0400

On 4/27/06, Michal Zalewski <lcamtuf () dione ids pl> wrote:
Why didn't I even try, you say? Past experiences of numerous researchers
aside, consider this: Microsoft takes 3-6 months to fix critical but
non-public vulnerabilities in their flagship software (some of these flaws
must've been independently discovered by the rogues, hence putting
customers at great risk, or at best taking chances). This is not a
reasonable timeframe, compared to industry averages. Yet, they only take
2-4 weeks to fix publicly disclosed bugs - thus making software safer,

Please note that I ask this out of curiousity, and not in an attempt
to be critical.

Why not give MSRC a head start of one week?


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]