Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly
From: musnt live <musntlive () gmail com>
Date: Fri, 11 Jun 2010 08:58:09 -0400

On Thu, Jun 10, 2010 at 12:16 PM, Tavis Ormandy <taviso () cmpxchg8b com> wrote:


I will not answer anymore uninformed questions on this topic.



Riddle me this Tavis. For why not responsible disclosure you put
millions of Microsoft customers at risk.

Hello list, I'd like to warn you about reckless disclosure. Imagine if
you will a car maker say Toyota. Owner of Toyota know of vulnerability
that when drive car, car go fast. Its a security risk. Imagine what
happen when driver go to Toyota: "Hey Chinky Car Maker Is You Car Go
Fast Vroom Vroom and can kill someone!*&%$!" Car maker think fast with
risk assessment:

1) Does the public know?
a) No they not know - recall not necessary we spend money on recall
b) No public not fully aware - somewhat aware - we bribe those aware
c) Public know - we now look like fool - damage reputation of Tavis
who reported risk

List, I'd like to warn you about Microsoft politics for disclosure.
True politics people who not report security do not see in real world
perspective.

2010-05-07 - Mustnlive contact Microsoft for 0day which take over MSN
Messenger with a single message need point of contact
2010-05-08 - Microsoft Security Response center reply:

Hello,

Thank you for this report. How would an attacker get the code onto a
victim system?

Best Regards,
(Name remove to protect lowly customer service monkey)

2010-05-08 Mustnlive reply:

Hi,

No you no understand, I send you message on you MSN and you MSN run my
code like it or not. Here is my PoC.

Inshallah!

2010-05-10 MSRC reply:

Hello,

ActiveX are considered unsafe filetypes in Windows and other Microsoft
products.  The MSRC does not open cases on file types that are
designed to run code and considered unsafe.

If you find that there is a vector to reproduce the issue that does
not require the execution of an unsafe file type please reply with
details.

Best Regards,
(Name remove to protect lowly customer service monkey)

2010-05-10 Musntlive scratch head and think: "You make ActiveX you MSRC monkey!"
2010-05-11 Musntlive move up the MSRC foodchain Blackhat ShmooFoo
style to open a can of whoop ass:

Hi,

My colleague (name remove to protect super cool MS fellow) let me know
that you reached out to him on this issue.  If you have additional
information on this issue Secure () microsoft com is the appropriate
contact for it.

Have you been able to reproduce the issue without leveraging an unsafe
file type? or through a remote vector?

Best Regards,
(name remove to protect innocent MSRC monkey)

2010-05-10 Musntlive scratch head again and think: "You stupid MSRC
monkey! Do you not see the code! Do you not see I pwn all is your
system?!"
2010-06-01 Musntlive make exploit live weapon of IM destruction and
test test retest test test
2010-06-05 Mustnlive test on unsuspecting hot woman. Send message,
instant camera control via MSN (latest version on Vista, 7, XP)
2010-06-10 Mustnlive semidiscloses weapon of IM destruction
2010-06-10 Musntlive offer IM weapon he call Yudayajin Kuma for sale
on black market beginning bid $10,000.00

You see Susan and other non hacker monkeys, companies do not care for
fix issue they is care for covering their bungerholes. I applaud
Tavis, wish people would know the process to report bug and runaround
companies give researchers who try to report problems. No Full
Disclosure, no more free bugs. Companies is not care to fix things
that are not in the spotlight.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault