Full Disclosure mailing list archives
Re: FortiGuard Advisory: Microsoft Internet Explorer Remote Memory Corruption Vulnerability
From: Pastor Kornell <pastor.kornell () googlemail com>
Date: Sun, 24 Jan 2010 21:56:26 +0100
James Birk <jamesbirk () gmail com> wrote:
Good to see nothing's changed with Bugtraq in fifteen years. Anyone want to point me to a security list where ads like the one below are not allowed?
James has a fair point. The advisory could be talking about 9 out of any 10 Internet Explorer bugs, it was completely generic. No poc, no analysis, no exploit. Haifei does not tell me anything I did not know already from MSFT (not much). I do not care if you want to tag on a listing for your business or product with the presentation of your work, but it better be a useful contribution and not an infomercial. it doesn't matter if you do not have an exploit, but you have to explain the bug with some debugger / dissasembler / output data and analysis so that we can understand or assess whether it is realistically exploitable. If you do not show us even one test case, then we can not test the fix or verify it is fixed correctly and not just a band-aid around the problem. Learning about the bug also lets us track trends and do other useful work. As a useful guide, count how many lines in your mail are advertisement and how many are advisory - if there are more lines talking about "FortiGate, FortiMail, FortiShamWow and DietForti" than there are about the bug, you're doing it wrong. For now, everyone would have been better off bindiffing just the patch rather than read your emails. Please fix this in future. PK _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: FortiGuard Advisory: Microsoft Internet Explorer Remote Memory Corruption Vulnerability James Birk (Jan 24)
- <Possible follow-ups>
- Re: FortiGuard Advisory: Microsoft Internet Explorer Remote Memory Corruption Vulnerability Pastor Kornell (Jan 24)