[Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011
dave at immunitysec.com
Thu Apr 15 01:46:44 BST 2004
-----BEGIN PGP SIGNED MESSAGE-----
|> Exactly the point of full disclosure. If someone with a serious
|> axe to
| grind would have stumbled onto the ASN.1 flaw before the Eeye
| notice, it could have been an ELE* for MS and some major
|> Let's see, unpatched ASN.1 + Flash Worm = ?
| I think you seriously underestimate the hacking skills of eeye,
| there are very few who could turn the bugs they find into full blow
| root level exploits.
That's retarded. Immunity is releasing a universal, repeatable, lsass
exploit in about 5 minutes to our CANVAS customers, for example, and
we're sure everyone else is done as well. For bonus credit we're
including a working ASN.1 exploit that owns IIS, Exchange, and
http://www.immunitysec.com/CANVAS/ "Have your hacking skills
underestimated by random people on FD"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Full-Disclosure is hosted and sponsored by Secunia.