mailing list archives
Critical excel vulnerability for sale, read inside.
From: "ad () heapoverflow com" <ad () heapoverflow com>
Date: Wed, 11 Jan 2006 23:29:59 +0100
-----BEGIN PGP SIGNED MESSAGE-----
It has not been possible for me to reach an agreement with zdi nor
idefense for selling the excel bug because I have publicly warned
about a remote command execution in my forum, I have tried to excuse
me about my selfstarting mistakes in the rssponsible disclosure nor to
explain them then if I find a 2nd excel critical bug , how can I
submit it to them since I have publicly warned about an excel flaw ?
You should reject actually any excel flaw no ?
No that's it , they leave me alone with a critical excel flaw, so I
have no other way now to get paid for my research to leave an announce:
A critical excel flaw is for sale, if you wish to buy it what do you
- -full advisory (explaining how I have found it , how I exploit it)
- -full poc building a xls file, once this file opened , excel will
arbitrary run regedit.exe, a bindshellcode, or add an admin user.
- -you have all rights on it , since Im alone able to exploit it, you
will trust me, I never share privately, you will be the only owner of it.
if you wish to see what the bug does, I can compute some videos on
demand. And of course if you are willing to buy it , do not offer
for any informations , excel_for_sale () heapoverflow com
note: I know this look like a joke, but I'm serious , I should be paid
for my security research , and I really dont want to help microsoft
for free, the auction is up for whitehats and blackhats, thanks to the
resposible programs on this.
I know I have made a mistake but this was still up to you to stop me.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Critical excel vulnerability for sale, read inside. ad () heapoverflow com (Jan 11)