[VIM] [OSVDB Mods] Internet explorer 6, 7 and 8 URL Validation Vulnerability (fwd)
security curmudgeon
jericho at attrition.org
Sun Jan 24 11:06:57 UTC 2010
(sent to VIM with permission from lostmon. He indicated he is updating his
blog with these dates as well)
---------- Forwarded message ----------
From: Lostmon lords <lostmon at gmail.com>
To: security curmudgeon <jericho at attrition.org>
Date: Sun, 24 Jan 2010 11:24:27 +0100
Subject: Re: [OSVDB Mods] Internet explorer 6,
7 and 8 URL Validation Vulnerability
Hi Brian :
The time line for this vulnerability is
discovered 05-11-2009
Reported to vendor 15-11-2009
vendor patch 21-01-2010
the first initial contact 15-11-2009 and they accept it in the case
manager at 19-11-2009 i planning to disclose details about it in
09-02-2010 now i continue testing it with the patch because i thnk that not all
is patched and now the patch has create a two new posible vectors of attack
Thnx for interesting :)
2010/1/24 security curmudgeon <jericho at attrition.org>:
>
> Hi Lostmon,
>
> Do you remember when you disclosed this to Microsoft?
>
> Thanks,
>
> brian
> OSVDB.org
More information about the VIM
mailing list