Someone just notified me off-list that I am confusing the
two vulnerabilities listed on the page. Both were first
notified in October, but the vendor has only declined to
address the less serious of the two. For the overflow,
they were notified on October, and (he claims) given an
exploit in December. I don't know why the delay.
Apologies for the confusion on my part. It doesn't make
any difference from a moderation point of view.. I would
have put the message through even if I did comprehend
it correctly the first time.
BB
Blue Boar wrote:
>
> Krish Ahya wrote:
> >
> > Why would you release an exploit for this hole if currently there are no
> > security patches for it? Do you know how many people run mIRC? Most of which
> > know nothing about even how they got online! My prediction is that several
> > machines are going to get compromised due to this.
>
> Did you read the page he referenced, where he indicates that he
> contacted the vendor in October, and they declined to make any changes?
> http://www.uuuppz.com/research/adv-001-mirc.htm
>
> BB
Received on Feb 03 2002
Intro
