Full Disclosure mailing list archives
Re: Secunia Research: Microsoft Excel Record Parsing Input Validation Vulnerability
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 09 Jun 2010 15:23:47 +1200
Paul Heinlein wrote:
04/12/2009 - Vendor notified. 04/12/2009 - Vendor response. 11/01/2010 - Status update requested. 12/01/2010 - Vendor provides status update. 30/03/2010 - Vendor provides status update. 27/04/2010 - Vendor provides status update. 26/05/2010 - Vendor provides status update. 08/06/2010 - Public disclosure.15.75 months to respond to a critical vulnerability in one of the most widely used business applications the world has seen? w00t.
Ummmm -- your US-centric view of dates is showing rather obviously, unless you can explain the unexpected appearance of a 27th month this year -- one that, even more oddly, cam after the 30th month and before the 26th, which itself came before the 8th month which itself has come before we've reached the middle of the June, the 6th month... Or maybe your US-centric view of dates coupled with your loathing of MS blinded you to your date inadequacies? Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Secunia Research: Microsoft Excel Record Parsing Input Validation Vulnerability Secunia Research (Jun 08)
- Re: Secunia Research: Microsoft Excel Record Parsing Input Validation Vulnerability Paul Heinlein (Jun 08)
- Re: Secunia Research: Microsoft Excel Record Parsing Input Validation Vulnerability Nick FitzGerald (Jun 08)
- Re: Secunia Research: Microsoft Excel Record Parsing Input Validation Vulnerability Paul Heinlein (Jun 08)