[VIM] recent MSIE vulns and value

security curmudgeon jericho at attrition.org
Mon Aug 3 23:38:12 UTC 2009


http://www.microsoft.com/technet/security/bulletin/MS09-034.mspx

Acknowledgments

Microsoft thanks the following for working with us to help protect 
customers:
Peter Vreugdenhil of VeriSign iDefense Labs for reporting the Memory 
Corruption Vulnerability (CVE-2009-1917)

Peter Vreugdenhil, working with TippingPoint and the Zero Day Initiative, 
for reporting the Uninitialized Memory Corruption Vulnerability 
(CVE-2009-1919)


--

This is interesting. I wonder if we can read into this to mean that 
iDefense and ZDI disagreed on the value of the vulnerabilities, and 
Vreugdenhil sold to the company who put more value on each?


More information about the VIM mailing list