Full Disclosure mailing list archives
Re: 0day IE9/10 information disclosure vulnerability
From: xnite () xnite org
Date: Tue, 13 Aug 2013 02:10:32 -0500
The POC you mentioned here appears to: a. be in a foreign language. b. requires a login On Monday 12 August 2013 13:31:50 yuange wrote: somebody's poc http://weibo.com/p/1005051838905715/weibo?from=page_100505_home&wvr=5.1&mod=we ibomore#3610572387549394[1] 微软呀,要怎么说你们呢。3个月的沟通不承认,一 定要POC才承认,这么简单的代码看不懂吗?说得那么明白写POC真的有那么难 吗?实在太磨叽了。 这个漏洞你们还感谢360吗?不是我不配合,3个月的沟通,不 给POC就关闭这个漏洞的修补。顺便问一声,那几个漏洞修补还要花几个月呀? -------------------- From: yuange1975@hotmail.comTo: full-disclosure () lists grok org.ukSubject: 0day IE9/10 information disclosure vulnerabilityDate: Mon, 29 Jul 2013 07:22:18 +0000 #0day[2] IE9/10 information disclosure vulnerability http://t.cn/zQJYHgA [3] .Technical challenge how to write exploit code? 漏洞报告已经说得很明白,指出问题代码,怎么定位代码。鉴于微软一次次的纠缠 于需要提供POC,那就让大家来写POC吧,写好记得发一份给微软。 :) https://twitter.com/yuange75[4] 我的观点: #antiNSA[5] 现在APT的大环境下,POC代码、EXP利用技术都是宝贵资源,不想因 为中间环节被控制或者SNIFFER而丢失这些宝贵资源,现在坚定报告漏洞不提供 POC和EXP,除非有偿的漏洞报告。反汇编指出问题代码点,对于漏洞修补已经提 供了足够的重要信息了,要想POC自己分析。 -------- [1] http://weibo.com/p/1005051838905715/weibo?from=page_100505_home&wvr=5.1&mod=we ibomore#3610572387549394 [2] https://twitter.com/search?q=%230day&src=hash [3] http://t.co/17Ac3VkE9C [4] https://twitter.com/yuange75 [5] https://twitter.com/search?q=%23antiNSA&src=hash
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: 0day IE9/10 information disclosure vulnerability yuange (Aug 12)
- Re: 0day IE9/10 information disclosure vulnerability Daniel Preussker (Aug 13)
- Re: 0day IE9/10 information disclosure vulnerability xnite (Aug 13)