[Dshield] 0-day exploit: Microsoft Internet Explorer "Msdds.dll" Remote Code Execution Exploit
jayjwa at atr2.ath.cx
Sat Aug 20 03:37:17 GMT 2005
On Thu, 18 Aug 2005, Johannes B. Ullrich wrote:
-> IMHO, the real question with respect to releasing / not releasing 0-day
-> is if it has been used in the wild.
I always want to know if anyone has found such a bug. What makes anyone
think that they are the *only* ones that found said exploit? What if Mr.
Joe Blackhat found that very same bug 4 weeks ago and just kept it to his
close circle of friends? 4 weeks later (after 4 weeks of rooted boxes),
then someone comes out and says, I just found a 0-day?
Non-disclosure helps only two groups:
1 blackhats that want to crack your system
2 companies that are worried about having to fix their broken OS
and have to spend money.
...because what you don't know most certainly can hurt you. Ask some of
the people that post on Full Disclosure: more than once someone has come
forth and said they reported something to Microsoft, only to have them
deny that it was in fact a bug to be concerned with. Only *after* the
fact, once a POC code was out did they start doing something. Actually
(and I don't know for sure), if you think about it and look at this
exploit, it bears resemblance to the work of the person that I am thinking
of when I say that 'they deny that it was in fact a bug to be concerned
As a user, and as a sysadmin I want to know the second that anyone finds
anything that could compromise those systems I'm looking after. Not doing
so is selfish of the person that discovers but won't disclose because then
he is assuming he is the only one capable of finding said bug, and we just
can't be guaranteed that in every case. Tell me, then let me decide the
best course of action: whether that means a patch, using a work-around, or
just outright pulling the affected piece of software until it can be