[Dshield] 0-day exploit: Microsoft Internet Explorer "Msdds.d ll"Remote Code Exe cution Exploit

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Thu Aug 18 18:41:47 GMT 2005


On Thu, 18 Aug 2005 14:23:00 EDT, "John B. Holmblad" said:

> Here is an idea: put laws on the books which require software 
> "producers" to respond with a viable fix plan  to notification from law 
> enforcement that they have an unpatched vulnerability with an exploit 
> available.

Take a careful look at the headers for this e-mail, particularly the X-Mailer:

Figure out who the "producer" is, and where the software is maintained.

Then figure out how many software packages are hosted at that same site.

Now figure out how to work that law so as not to kill all those packages,
in particular dealing with the issue of old copies of the package - what happens
if somebody finds a hole in FrobNozz 1.0.3, and the author doesn't even have
any source older than 1.1.5 because the current is 2.8.4?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20050818/81eb9f4a/attachment.bin


More information about the list mailing list