| echo: | |
|---|---|
| to: | |
| from: | |
| date: | |
| subject: | Re: Vulnerable to the latest EEYE one? |
From: "Geo"
This is exactly the kind of post that forced eeye to create iishack, everyone was saying it wasn't exploitable, it couldn't be done. A week later it was done.
So now Microsoft has pushed the idea of responsible disclosure, you make this claim and to prove you wrong eeye would have to act irresponsibly. Nice.
Geo.
"Rich" wrote in message news:43c5fc32$1{at}w3.nls.net...
I am safe. The issue is old and I don't remember the specifics enough to speculate on others.
Going by eeye's claims, they aren't claiming the problem is exploitable. Considering their aggressive self-promotion this suggests they don't know how. Contrast this with the four quicktime bugs they just started promoting or the two real player bugs they were promoting in November where they claim to be able to execute arbitrary code or control the program counter.
If you search the internet you can find someone else who claims to have been looking at this before the bulletin release states
The vulnerability may lead to remote code execution when specially crafted file is being parsed, however the exploitation is _hard_ due to the fact attacker doesn't control directly the data which will overwrite the heap block.
However, it doesn't mean it can't be done :)
Rich
"Mike N." wrote in message news:6moas15aei42vld5qmlqaia6o00dbg2quc{at}4ax.com...
Rich, were you, your family and friends protected from MS06-002? If so I want to know how.
Thanks,
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45) |
|
| SOURCE: echomail via fidonet.ozzmosis.com | |