
two weeks

[CORE-2010-1001] Cisco WebEx .atp and .wrf Overflow Vulnerabilities

key notifying them of the vulnerabilities and sending an advisory draft,
a proof of concept for the WebEx Player vulnerability, and a proof of
concept for the Meeting Center vulnerability including details of how to
reproduce both vulnerabilities, and details about the behaviour of the
PoC for the Player vulnerability on Windows XP SP2 (which overwrites EIP
with 0x41414141 on that platform). October 18th 2010 (a two-week
timeframe) is set as a potential release date for the advisory.

. 2010-10-05:
Cisco PSIRT contacts Core stating that their development team is out of
the office till Friday October 8th. November 15th 2010 is mentioned as

CORE-2009-0803: Virtual PC Hypervisor Memory Protection Vulnerability

. 2010-02-05:
MSRC acknowledges receipt of previous email, says that the team is still
running into issues finding the best way to address the vulnerability.
The team has not found a satisfactory way of resolving the issue without
large application compatibility repercussions. Vendor asks Core to
postpone publication for an additional two weeks of time to involve
additional people in an attempt to find a good way to address the problem.

. 2010-02-05:
Core agrees to postpone publication of the security advisory for a month
and re-sets the publication date to March 2, 2010. Core says that it

Re: Airkiosk/formlib application is XSS vuln

> The maintainer (and the flying company blu-express) has been contacted
> twice via mail in the last two weeks but chose not to respond at all.
> 
> Regards
> Skien
> 


CORE-2009-0813: Windows Movie Maker and Microsoft Producer IsValidWMToolsStream() Heap Overflow

. 2009-09-14:
To delay the publication until December 15th, Core requests from the
Microsoft team detailed information on the bug including: field format
details and cause of the flaw; applications and versions affected;
vendor fix schedule; and updates at least once every two weeks.

. 2009-09-16:
The Microsoft team informs Core that they are looking into what amount
of detail they can provide on their fix plans. The Microsoft team also
promises to keep in touch with more technical information to work on a

Multiple denial of service in Soldat 1.4.2/2.6.2

4) Fix
======


No fix.
I've been in contact with the developer for over two weeks but unfortunately
I'm not able to explain these bugs better than how I have done here...


#######################################################################


SEC Consult SA-20101021-0 :: Multiple critical vulnerabilities in Sawmill log analysis software

2010-07-30: Confirmation of vulnerabilities from vendor             
2010-08-02: Asking for information which Sawmill versions are affected
2010-08-12: Vendor: Fixing is in progress, version info will be 
            collected in an internal document
2010-09-01: Vendor: problems mostly fixed in upcoming 8.1.6 in about
            two weeks
2010-09-07: New release 8.1.6.3 available, does not fix critical
            vulnerabilities
2010-09-08: Pre-release version available, very shortly checked for fix
            of critical vulnerabilities, 8.1.7 is scheduled, XSS still
            possible

CORE-2008-0125: CitectSCADA ODBC service vulnerability

once a release is finalized all relevant materials are updated to
reflect that fact. AusCERT asks about Core's plans regarding the issue.

. 2008-04-28:
CERT/CC suggests that in light of the vendor statement one last effort
should be attempted, setting a date for publication one or two weeks
into the future and presenting the final drafts of the report to the vendor.

. 2008-04-28:
Core sets the advisory publication date to May 12th and indicates to the
three CERTs that the date is considered final unless concrete details

Deepsec Talks 2007 are online - registration for 2008 is open

Also we are happy to announce that talks from last year's conference
are online. Listen to last year's talks in full length at:
http://video.google.com/videosearch?q=deepsec&sitesearch=#

Call for Papers still Open for two weeks:

If you have some good ideas for a Talk at the conference and haven't
decided yet to submit, we encourage you to do so now. We still accept
submissions at https://deepsec.net/cfp/ or via e-mail to:
cfp@deepsec.net

Xunlei XPPlayer ActiveX Remote Exec 0day POC

# Date: 2010.01.17
# Author: superli
# Software Link: http://down.sandai.net/Thunder5.9.14.1246.exe
# Version: <= 5.9.14.1246
# Tested on: xpsp3 ie6
# Greetings to the Xunlei Security Center guys: you still have not released a patch or new version to fix the vuln, which can also attack Xunlei KanKan Player (http://dl.xunlei.com/xmp.html). I exposed this vuln two weeks ago; are you really responsible for the security of millions of users?
# POC Code :
<object id=ooxooxx classid="CLSID:{F3E70CEA-956E-49CC-B444-73AFE593AD7F}">
<PARAM NAME="_cx" VALUE="0xFFFFFFFF">
<PARAM NAME="_cy" VALUE="0xFFFFFFFF">
<PARAM NAME="UiMode" VALUE="-1">

[oCERT-2010-004] FFmpeg/libavcodec arbitrary offset dereference

2010-08-27: mplayer security team confirms report, describes mplayer
            workaround and points to ffmpeg as the originally affected package
2010-08-27: contacted ffmpeg maintainer
2010-08-27: preliminary patch is provided by ffmpeg maintainer
2010-08-28: reporter approves patch
2010-09-13: upstream confirms patch, two weeks embargo is proposed
2010-09-13: embargo accepted, contacted affected vendors
2010-09-27: patch committed to ffmpeg repository
2010-09-28: patch automatically pulled to mplayer repository from ffmpeg one
2010-09-28: oCERT advisory published


Akamai Download Manager File Downloaded To Arbitrary Location Vulnerability

silently, and did not inform me or release public advisory
    2008.05.12        Asked them for the reason
    2008.05.12        Vendor replied: "Once we are sure that all of
our customers have been given the opportunity to upgrade, we will post
a public advisory"
    2008.05.12        Decided to give the maximum of two weeks to them
for pushing the patch
    2008.06.02        Sent a warning of the coming independent
advisory, and asked the vendor to join us
    2008.06.02        Vendor asked for an additional 48 hours for
coordinated public disclosure

OWASP AppSec USA 2011 - Two Weeks Away

The OWASP AppSec USA 2011 conference in Minneapolis is only two weeks
away. Classes are filling up fast (the OWASP WTE class is full, mobile
security class almost full), and the conference talks lineup is
impressive. Sign up today for the training on September 20-21 and the
main conference talks, CTF, showroom, and Open Source Showcase on
September 22-23!

http://www.appsecusa.org/



CORE-2009-0827: Microsoft Office Excel / Word OfficeArtSpgr Container Pointer Overwrite Vulnerability

Core sends a second Proof of Concept malformed file triggering
vulnerability #2 in Excel 2000/2002.

. 2009-09-08:
The Microsoft team acknowledges receipt of the information and estimates
that they will have more detailed information in two weeks.

. 2009-09-11:
The Microsoft team confirms that vulnerability #1 is exploitable. They
inform us that they will send updated information on the fix release
date as the investigation progresses.

Secunia Research: Microsoft Windows Flash Player Movie Unloading Vulnerability

             vulnerability, which was tested against a fully patched 
             system.
23/11/2007 - Vendor contacted (status update requested).
23/01/2008 - Vendor contacted (status update requested again).
05/02/2008 - Vendor informed that due to no response to status 
             requests an advisory will be published in two weeks.
05/02/2008 - Vendor response (vulnerability successfully reproduced 
             and asks for coordinated disclosure).
07/02/2008 - Vendor informed that disclosure will be coordinated.
18/03/2008 - Vendor provides status update.
02/05/2008 - Vendor provides status update (waiting for Adobe).

Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS

7th December 2011 - Researched and confirmed the vulnerability
4th January 2012 - Reported to Drupal and CKEditor via
http://drupal.org/project/ckeditor and http://dev.ckeditor.com/ and
http://cksource.com/contact
18th January 2012 - Developers of CKEditor have been contacted several
times, nothing has happened in two weeks and the advisory has been
available to the public via bugtrackers. Vulnerability released to the
general public.




