At the end of the day, you're going to be treated like a child as long as you continue to type like one.
The entertaining part for me is how each of your replies contradicts a previous one. According to you, this *vulnerability* *has existed for years*. And also according to you, the reason why the original email was filled with spelling errors is because it *was rushed out due to you being "awake" at 6AM.* Do you see the inconsistency between those two statements? Your response to Christian also indicated that you* **didn't just discover this*. IF this is an old vulnerability and IF you've known about it for an extended period of time - WHY did you have to post it right when you did? It's old, you've known about it for a while, it's existed for years, yet it couldn't wait until later in the day? It couldn't wait until you had time to skim over the email and correct any spelling/grammar mistakes? It absolutely had to be posted right then and there? On Sat, Jun 11, 2011 at 9:14 PM, -= Glowing Doom =- <[email protected]>wrote: > Thats why i the people who do understand it, can see that it is there... > yes, VERY hard to expalin, id LOVE to see you try. > > > > On 12 June 2011 12:11, adam <[email protected]> wrote: > >> Furthermore, pretending that we [the readers] are somehow at fault here >> (for not understanding) isn't going to get you very far. The only thing >> consistent in this entire thread is that people *kind of* want to know >> what you're talking about, but aren't able to due to the poor writing style >> and spelling/grammar errors. >> >> It should be noted that no one is being anal about typos, I fully >> understand that people make mistakes. The difference is that it appears you >> didn't even so much as proof read the original email. >> >> >> On Sat, Jun 11, 2011 at 9:04 PM, phocean <[email protected]> wrote: >> >>> Hi n3td3v... oops!... secn3t (that is close), >>> >>> Sorry but I don't understand anything to this thread. >>> Each of your emails is such a pain to read, that I stop at the first >>> sentence. >>> We are all busy and don't want to take 20 min to decipher your writing >>> with the risk that it is not deserving it. >>> Please clarify and give consistent technical facts. >>> >>> Thanks. >>> >>> Le 12/06/2011 03:33, -= Glowing Doom =- a écrit : >>> > This is NOT coded.. the PoC i am explaining, is possible with simply >>> > copyying text,then using a sequence of keys, to make the actual >>> > sentence/s, appear. >>> > This code is not what shows up when it is dissected. >>> > It shows up with many x41 all over the email when it is done properly . >>> > Regards. >>> > >>> > >>> > >>> > On 12 June 2011 11:29, Christian Sciberras <[email protected] >>> > <mailto:[email protected]>> wrote: >>> > >>> > For those lazy enough to search: >>> > >>> > >>> https://www.owasp.org/index.php/The_CSRSS_Backspace_Bug_still_works_in_windows_2003_sp1 >>> > >>> > >>> > Excerpt: >>> > >>> > Basicaly just compile this and you will get a 100% processor usage >>> > by the compiled exploit and Csrss.exe >>> > >>> > #include <stdio.h> >>> > int main(void) >>> > { >>> > while(1) >>> > printf("\t\t\b\b\b\b\b\b"); >>> > return 0; >>> > } >>> > >>> > >>> > How this helps in sending spam is beyond me. >>> > >>> > >>> > >>> > On Sun, Jun 12, 2011 at 3:18 AM, Jeffrey Walton < >>> [email protected] >>> > <mailto:[email protected]>> wrote: >>> > >>> > On Sat, Jun 11, 2011 at 9:06 PM, -= Glowing Doom =- >>> > <[email protected] <mailto:[email protected]>> wrote: >>> > >>> > > It is now, over 1yr old atleast and exists in riched20.dll. >>> > > This PoC info is over for me also. >>> > Microsoft had problems with a backspace in the past. Search for >>> > "CSRSS >>> > Backspace Bug". >>> > >>> > > [SNIP >>> > >>> > Jeff >>> > >>> > _______________________________________________ >>> > Full-Disclosure - We believe in it. >>> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> > Hosted and sponsored by Secunia - http://secunia.com/ >>> > >>> > >>> > >>> > >>> > >>> > _______________________________________________ >>> > Full-Disclosure - We believe in it. >>> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> > Hosted and sponsored by Secunia - http://secunia.com/ >>> >>> >>> -- >>> phocean >>> >>> _______________________________________________ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ >>> >> >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
