Acidus wrote:
-- Disclosure Timeline:
2006.02.27 - Pre-existing digital Vaccine released to TippingPoint
customers
2006.08.31 - Vulnerability reported to vendor
2006.12.12 - Coordinated public release of advisory
I noticed this in a vuln report for a remote code execution in JavaScript for IE. Maybe this is a mistake, but it appears that TippingPoint aka 3Com took steps to protect/secure their customers 6 months before even reporting the issue.
Surely this cannot be a standard security practice. Is this what corporate 0-day purchasing has forced?
It means they are claiming the vulnerability is covered by some generic javascript shellcode signature that was written a long time before they'd ever heard of this vulnerability.
