funsec mailing list archives

Re: 2 critical vulns and the clock is ticking.. [Fwd: [EEYEB-2000801]]

From: Mike Owen <kyphros () gmail com>
Date: Tue, 10 Jan 2006 14:46:24 -0800

On 1/10/06, Gadi Evron <ge () linuxbox org> wrote:

OK, so we have an advisory for this. Fun.

Any idea about the NGSsoftware one?

        Gadi.


It's probably the TNEF vuln. Affects Outlook and Exchange 5.5/2000.
Code Execution. yummy

Date Reported:
July 31, 2005

Time to Patch:
163 Days

Severity:
High (Code Execution)


Why Microsoft insists upon taking ages and ages to patch is beyond me.
Especially for something like this, which in a default install allows
code execution via email and IE.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

2 critical vulns and the clock is ticking.. [Fwd: [EEYEB-2000801]] Gadi Evron (Jan 10)
- Re: 2 critical vulns and the clock is ticking.. [Fwd: [EEYEB-2000801]] Mike Owen (Jan 10)
- Re: 2 critical vulns and the clock is ticking.. [Fwd: [EEYEB-2000801]] Matthew Murphy (Jan 10)
  - RE: 2 critical vulns and the clock is ticking..[Fwd: [EEYEB-2000801]] Richard M. Smith (Jan 10)
    - Re: 2 critical vulns and the clock is ticking..[Fwd: [EEYEB-2000801]] Valdis . Kletnieks (Jan 10)