Create an Account
username: password:
 
  MemeStreams Logo

RE: Vuln Disclosure? WTF?

search


RE: Vuln Disclosure? WTF?
by Decius at 11:27 am EST, Jan 8, 2007

Acidus wrote:

-- Disclosure Timeline:
2006.02.27 - Pre-existing digital Vaccine released to TippingPoint
customers
2006.08.31 - Vulnerability reported to vendor
2006.12.12 - Coordinated public release of advisory

I noticed this in a vuln report for a remote code execution in JavaScript for IE. Maybe this is a mistake, but it appears that TippingPoint aka 3Com took steps to protect/secure their customers 6 months before even reporting the issue.

Surely this cannot be a standard security practice. Is this what corporate 0-day purchasing has forced?

It means they are claiming the vulnerability is covered by some generic javascript shellcode signature that was written a long time before they'd ever heard of this vulnerability.

RE: Vuln Disclosure? WTF?


 
 
Powered By Industrial Memetics