Full Disclosure mailing list archives

Re: Microsoft Internet Explorer Local File Accesses Vulnerability

From: Michal Zalewski <lcamtuf () dione ids pl>
Date: Tue, 20 Feb 2007 10:00:44 +0100 (CET)

On Mon, 19 Feb 2007, Peter Dawson wrote:

just asking... Is this std practice by vendor to state.... ??? "[..] we
ask you respect responsible disclosure guidelines and not report this
publicly...."


It's a common and pretty shameless practice for Microsoft. They also
openly criticize such researchers in media statements (while mentioning
some overly comforting mitigating factors), and then "penalize" you for
not disclosing to them 3-12 months in advance by not crediting you in
vendor bulletins.

These ungrateful researchers, eh?

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Microsoft Internet Explorer Local File Accesses Vulnerability Rajesh Sethumadhavan (Feb 19)
- Re: Microsoft Internet Explorer Local File Accesses Vulnerability Michal Zalewski (Feb 19)
  - Re: Microsoft Internet Explorer Local File Accesses Vulnerability Peter Dawson (Feb 19)
    - Re: Microsoft Internet Explorer Local File Accesses Vulnerability Michal Zalewski (Feb 20)
- Re: Microsoft Internet Explorer Local File Accesses Vulnerability [7244ks] Microsoft Security Response Center (Feb 19)
- Re: Microsoft Internet Explorer Local File Accesses Vulnerability pdp (architect) (Feb 20)