[Dshield] Exploit for IE vulnerability (MS05-038) appears sameday as patch

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Wed Aug 10 06:06:00 GMT 2005


On Wed, 10 Aug 2005 01:34:30 EDT, "Roger A. Grimes" said:
> Well, since at least one known vendor (eEye) publicly said they reversed
> engineered one of the patches in 1-hour after looking at the patch for
> the first time, why believe otherwise? It's not impossible simply
> because you can't do it.

On the flip side, just, because *one* vendor did that for *one* patch doesn't
mean that *every* PoC gets created that way, unless you've taken a hit
of the Microsoft kook-aid.

Let's face it - if *all* of them are clever enough to reverse-engineer the
patch, at least *some* of them are clever enough to have found the hole without
a patch to guide them.  And once it's not a 0-day anymore, you might as well
get visibility by releasing it and claiming you're a rev-engineering marvel....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20050810/731ce351/attachment.bin


More information about the list mailing list