Full Disclosure mailing list archives

Re: VUPEN Security Research - Adobe Flash Player RTMP Data Processing Object Confusion (CVE-2013-2555)

From: Julius Kivimäki <julius.kivimaki () gmail com>
Date: Fri, 19 Apr 2013 23:53:13 +0300

Yeah it is when you are in the business of selling exploits.


2013/4/19 <paul.szabo () sydney edu au>

VUPEN Security Research <advisories () vupen com> wrote in
http://www.securityfocus.com/archive/1/526402
:

X. DISCLOSURE TIMELINE
2012-02-15 - Vulnerability Discovered by VUPEN
2013-03-06 - Vulnerability Exploited At Pwn2Own 2013 and Reported to

Adobe

2013-04-17 - Public disclosure


Is a delay of a year before reporting to the vendor, acceptable?

Thanks, Paul

Paul Szabo   psz () maths usyd edu au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: VUPEN Security Research - Adobe Flash Player RTMP Data Processing Object Confusion (CVE-2013-2555) paul . szabo (Apr 19)
- Re: VUPEN Security Research - Adobe Flash Player RTMP Data Processing Object Confusion (CVE-2013-2555) Bob The CCIE MSCE Kim (Apr 19)
- Re: VUPEN Security Research - Adobe Flash Player RTMP Data Processing Object Confusion (CVE-2013-2555) Julius Kivimäki (Apr 20)
- Re: VUPEN Security Research - Adobe Flash Player RTMP Data Processing Object Confusion (CVE-2013-2555) Gregor S. (Apr 21)
- Re: VUPEN Security Research - Adobe Flash Player RTMP Data Processing Object Confusion (CVE-2013-2555) Gregor S. (Apr 21)