Full Disclosure mailing list archives
Re: xp sp3 remote bof
From: elfius <elfius () gmail com>
Date: Fri, 17 Jun 2011 12:22:07 +0200
Thanks for the advice guys. I've received quite a few interesting offers from some rather shady sounding people (as well as public messages here), and I've begun to realise how much this is worth. So for the time being anyway I think I'll keep it for a rainy day. Cheers again for the input. ciao, chown On Fri, Jun 17, 2011 at 6:24 AM, phil <jabea () jabea net> wrote:
I suggest ZDI too, or like Thor told secure () microsoft com.**** ** ** If you got a real PoC then the guys at Microsoft will listen and will acknowledge you fast... but if your PoC is not ok, and it just show a small bug, or if you want to remain anonymous then ZDI is the way to go IMO or you will end up waiting for an answer from MS for month before to discover that it has been patched without any thanks or acknowledgement.** ** ** ** Nb, You can email cert (cert () cert org/soc () us-cert gov) too , but you will have no income for that report and they will email MS in the end.**** ** ** ** ** In either case, if MS don’t answer you in a timely manner, FD will still be there to disclose the PoC.**** ** ** ** ** *De :* full-disclosure-bounces () lists grok org uk [mailto: full-disclosure-bounces () lists grok org uk] *De la part de* elfius *Envoyé :* 16 juin 2011 14:50 *À :* full-disclosure () lists grok org uk *Objet :* [Full-disclosure] xp sp3 remote bof**** ** ** Hi guys, I'm pretty new in these parts, and to the scene in general, but I've been doing low level dev for a while. Anyway introductions aside, I have a somewhat stable remote bof poc for xp sp3 (which I'm not going to go into detail about), and I've signed up to this list to ask the security community what I should do. I figured I can't just email Microsoft from my personal email address, and I wouldn't even know who to email at Microsoft. So I'm open to the advice of those a bit more experienced.**** ciao, chown **** ------------------------------ Aucun virus trouvé dans ce message. Analyse effectuée par AVG - www.avg.fr Version: 10.0.1382 / Base de données virale: 1513/3708 - Date: 16/06/2011
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- xp sp3 remote bof elfius (Jun 16)
- Re: xp sp3 remote bof Thor (Hammer of God) (Jun 16)
- Re: xp sp3 remote bof Javier Bassi (Jun 16)
- Message not available
- Re: xp sp3 remote bof elfius (Jun 17)
- Re: xp sp3 remote bof Thor (Hammer of God) (Jun 18)
- Re: xp sp3 remote bof elfius (Jun 17)
- Re: xp sp3 remote bof coderman (Jun 17)