Cary, The discovery date is a typo and has been corrected on our website:
http://www.idefense.com/application/poi/display?id=116&type=vulnerabilit ies The corrected timeline is: 02/02/2004 Exploit discovered by iDEFENSE 03/11/2004 Initial vendor notification 03/11/2004 Initial vendor response 03/11/2004 iDEFENSE clients notified 06/07/2004 Vendor update released 07/12/2004 Public Disclosure Greg pointed out my error shortly after the advisory was sent. Regards, Michael Sutton Director, iDEFENSE Labs -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cary Barker Sent: Monday, July 12, 2004 3:27 PM To: [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] iDEFENSE Security Advisory 07.12.04: Adobe Reader 6.0 Filename Handler Buffer Overflow Vulnerability <snip> 02/02/2003 Exploit discovered by iDEFENSE 03/11/2004 Initial vendor notification <snip> Is that initial notification date a typo or did they sit on it for over a year before notifying the vendor? Cary Barker Network Security Administrator Campbell & Company, Inc. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, July 12, 2004 10:50 AM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] iDEFENSE Security Advisory 07.12.04: Adobe Reader 6.0 Filename Handler Buffer Overflow Vulnerability <snip> ______________________________________________________________________ Campbell & Company, Inc.: The information in this e-mail may contain privileged/confidential information. If you are not the intended recipient, you must not read, use, copy or disseminate the information or take any action in reliance thereupon. If you have received this e-mail in error, please notify Campbell & Company, Inc. immediately by e-mail or telephone and delete the e-mail and any attachments from any computer. The information in this e-mail does not constitute an offer to sell or the solicitation of an offer to buy any securities in any jurisdiction or for the benefit of any person. ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
