Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Secunia Research: Microsoft Excel Record Parsing Input Validation Vulnerability
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 09 Jun 2010 15:23:47 +1200

Paul Heinlein wrote:

04/12/2009 - Vendor notified.
04/12/2009 - Vendor response.
11/01/2010 - Status update requested.
12/01/2010 - Vendor provides status update.
30/03/2010 - Vendor provides status update.
27/04/2010 - Vendor provides status update.
26/05/2010 - Vendor provides status update.
08/06/2010 - Public disclosure.

15.75 months to respond to a critical vulnerability in one of the most 
widely used business applications the world has seen? w00t.

Ummmm -- your US-centric view of dates is showing rather obviously, 
unless you can explain the unexpected appearance of a 27th month this 
year -- one that, even more oddly, cam after the 30th month and before 
the 26th, which itself came before the 8th month which itself has come 
before we've reached the middle of the June, the 6th month...

Or maybe your US-centric view of dates coupled with your loathing of MS 
blinded you to your date inadequacies?


Nick FitzGerald

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]