Re: [ALERT] Remote File Execution By Web or Mail: Internet Explorer

From: Bill Weiss (houdiniat_private)
Date: Thu Nov 22 2001 - 19:18:09 PST

  • Next message: alert7: "[NetGuard Security] NSI Rwhoisd another Remote Format String Vulnerability" 

    Mariusz Mazur(mariuszat_private)@Thu, Nov 22, 2001 at 08:09:46PM +0100:
> On 2001-11-21 hush.little.babyat_private wrote the folowyng:
> 
> [moderator: since this will probably cause many people to start the nda
> vs full disclosure debate so I guess you won't let it trough. So if you
> don't, it would be nice to give a tip to the list.]
> 
> 
> Ok... So we know that there is a bug... It's a critical one, ppl can
> "turn it off" by editing something in the registry and Microsoft is
> working hard to fix it. Oh... and we know that for the next 60 days some
> people can cause some damage to me and I have no way to protect myself.
> 
> Is this just me or maybe more people think that releasing this
> "advisory" (though this should be called "intimidator") was completely
> irresponsible and plain stupid?
> 
>

I think the point was to show us that the MS policy is stupid.  There's a
hole, obviously it can be found, but MS doesn't want us to know about
it.

    This archive was generated by hypermail 2b30 : Thu Nov 22 2001 - 21:59:31 PST