Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: MSIE Nested Object Vulnerability Is Exploitable
From: n3td3v <n3td3v () gmail com>
Date: Sat, 29 Apr 2006 22:57:18 +0100

On 4/29/06, Secunia Research <vuln-remove () secunia com> wrote:
Microsoft therefore treats this as a privately disclosed vulnerability,
thus Secunia will not be releasing any further details before Microsoft
releases a patch for this vulnerability.

Kind regards,

Thomas Kristensen

Hammerensgade 4, 2. floor
DK-1267 Copenhagen K

Tlf.: +45 7020 5144
Fax:  +45 7020 5145

On Fri, 2006-04-28 at 09:33 +0200, Secunia Research wrote:
> Hello,
> There has recently been some discussion regarding whether or not the
> MSIE Nested Object Vulnerability reported by Michal Zalewski is
> exploitable or not.

Yes, some amougst the script kid population of the list weren't sure
if it was exploitable, everyone else with a clue knew it was
exploitable, hence the reason MZ disclosed the advisory in the first

The list doesn't need Secunia verfication of advisories. Infact no one
needs your entire Secunia website.

I can't wait for John Cartwright to drop you guys as a sponsor. (The
biggest mistake he ever made)

If the vulnerability is privately disclosed and _isn't_ the same as
MZ's then why talk about it in public?

Sending an e-mail to MZ and telling him his advisory had uncovered a
nest of ants, attached to his original tip off would have be more than

Btw, when are you guys growing your -scene whore- empire? Perhaps
Zone-h.org will be your next purchase.

All the best,


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]