MS02-064 fix time

From: David Litchfield (davidat_private)
Date: Thu Nov 14 2002 - 05:41:53 PST

Next message: zen-parse: "Netscape/Mozilla: Exploitable heap corruption via jar: URI handler."

Previous message: Olaf Kirch: "SuSE Security Announcement: Multiple vulnerabilities in BIND8 (SuSE-SA:2002:044)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

MS02-064 discusses a vulnerability where clicking on start->run can lead to
an unsuspecting user running another (malicious) user's trojan.

I warned MS of this back in on September 6th 1999 whilst 2k was still in
BETA (See the bottom of the following mail)
http://security-archive.merton.ox.ac.uk/bugtraq-199909/0145.html

I wonder if this is the longest time it has taken for a "fix" to be made
public after disclosure?

David Litchfield

Next message: zen-parse: "Netscape/Mozilla: Exploitable heap corruption via jar: URI handler."
Previous message: Olaf Kirch: "SuSE Security Announcement: Multiple vulnerabilities in BIND8 (SuSE-SA:2002:044)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Nov 16 2002 - 15:46:57 PST