Dailydave mailing list archives
RE: Fonts of fun
From: "Marc Maiffret" <mmaiffret () eeye com>
Date: Wed, 11 Jan 2006 10:51:59 -0800
Hey Piotr, as recently emailed sorry about that. Dumb mistake that should have been caught, one of the releases that did not go under my personal radar. Eitherway good find on the bug, as also previously mentioned. Hopefully it further illustrates that bugs can be found by multiple people, whether a week apart or over 150 days apart. Zeroday is alive and kickin -Marc
-----Original Message----- From: Piotr Bania [mailto:bania.piotr () gmail com] Sent: Wednesday, January 11, 2006 7:36 AM To: dailydave () lists immunitysec com; dave () immunitysec com Subject: Re: [Dailydave] Fonts of fun Hi, >... >eEye's newsletter today said this about it: >"Details of this flaw were first released today in conjunction with >the Microsoft patch and within minutes, other researchers had reverse >engineered the Microsoft patch and shared the details online, which >means that this flaw may very well be used in an attack. The attack >vector of this flaw is similar to the WMF flaw, in that a user mustvisit a malicious website containing the malicious font file.">... >It's clear that Piotr did not "reverse engineer thepatch". He'd obviously had the bug for some time >...Nothing more to say. best regards, Piotr Bania -- -------------------------------------------------------------------- Piotr Bania - <bania.piotr () gmail com> - 0xCD, 0x19 Fingerprint: 413E 51C7 912E 3D4E A62A BFA4 1FF6 689F BE43 AC33 http://www.piotrbania.com - Key ID: 0xBE43AC33 -------------------------------------------------------------------- - "The more I learn about men, the more I love dogs."
Current thread:
- Fonts of fun Dave Aitel (Jan 11)
- RE: Fonts of fun Dave Korn (Jan 11)
- Re: Fonts of fun Daniele Muscetta (Jan 11)
- <Possible follow-ups>
- Re: Fonts of fun Piotr Bania (Jan 11)
- RE: Fonts of fun Marc Maiffret (Jan 11)
- RE: Fonts of fun, buckets of bugs Brett Moore (Jan 11)
- Re: Fonts of fun Piotr Bania (Jan 12)
- RE: Fonts of fun Dave Korn (Jan 11)