Good to see nothing's changed with Bugtraq in fifteen years. Anyone want to point me to a security list where ads like the one below are not allowed?
2010/1/21 [email protected] <[email protected] > > Microsoft Internet Explorer Remote Memory Corruption Vulnerability > 2010.January.21 > > Summary: > ======== > Fortinet's FortiGuard Labs has discovered a memory corruption vulnerability > in Microsoft's Internet Explorer. > > Impact: > ======= > Remote Code Execution. > > Risk: > ===== > Critical > > Affected Software: > ================== > For a list of Internet Explorer versions affected, please see the Microsoft > Security Advisory reference below. > > Additional Information: > ======================= > In order to compromise a system / remotely execute code, an attacker would > lure a user to a maliciously crafted website. When a user views the Web > page, the vulnerability could allow remote code execution. An attacker who > successfully exploited this vulnerability could gain the same user rights as > the logged-on user. If a user is logged on with administrative user rights, > an attacker who successfully exploited this vulnerability could take > complete control of an affected system. > > Solutions: > ========== > Since an attack scenario would require a user to visit a malicious website, > it is recommended to have a layered security solution through webfiltering > and intrusion prevention for mitigation. > > * Use the solution provided by Microsoft (MS10-002). > * FortiGuard Labs released the signature > "MS.IE.MergeAttributes.Remote.Code.Execution". > o Advanced zero-day protection has been available since September > 3, 2009. > > FortiGuard Labs continues to monitor attacks against this vulnerability. > > Fortinet customers who subscribe to Fortinet's intrusion prevention (IPS) > service should be protected against this vulnerability. Fortinet's IPS > service is one component of FortiGuard Subscription Services, which also > offer comprehensive solutions such as antivirus, Web content filtering and > antispam capabilities. These services enable protection against threats on > both application and network layers. FortiGuard Services are continuously > updated by FortiGuard Labs, which enables Fortinet to deliver a combination > of multi-layered security intelligence and true zero-day protection from new > and emerging threats. These updates are delivered to all FortiGate, > FortiMail and FortiClient products. Fortinet strictly follows responsible > disclosure guidelines to ensure optimum protection during a threat's > lifecycle. > > References: > =========== > FortiGuard Advisory: http://www.fortiguard.com/advisory/FGA-2010-05.html > Microsoft Security Bulletin: > http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx > CVE ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0247 > > Acknowledgement: > ================ > Haifei Li of Fortinet's FortiGuard Labs > >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
