I understand this, but thats all the more reason to not release an exploit. An advisory only would have better suited the situation, especially when the vendor won't fix the problem. No need to complain over spilled milk now though, whats done is done, and now to only hope the vendor will release fixes. teli Network Operations, ChatNet IRC Network Central Hub Administrator ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~ "When you sit with a nice girl for two hours, it seems like two minutes. When you sit on a hot stove for two minutes, it seems like two hours, that's relativity." -- Albert Einstein ----- Original Message ----- From: "Blue Boar" <BlueBoarat_private> To: "Krish Ahya" <Krishat_private> Cc: <vuln-devat_private> Sent: Sunday, February 03, 2002 4:07 PM Subject: Re: mIRC Buffer Overflow > Krish Ahya wrote: > > > > Why would you release an exploit for this hole if currently there are no > > security patches for it? Do you know how many people run mIRC? Most of which > > know nothing about even how they got online! My prediction is that several > > machines are going to get compromised due to this. > > Did you read the page he referenced, where he indicates that he > contacted the vendor in October, and they declined to make any changes? > http://www.uuuppz.com/research/adv-001-mirc.htm > > BB >
This archive was generated by hypermail 2b30 : Sun Feb 03 2002 - 14:33:35 PST