I find this amusing beyond words.     -rf

(c/o J)



The lot: One 0-day Microsoft Excel Vulnerability

Up for sale is one (1) brand new vulnerability in the Microsoft Excel
application. The vulnerability was discovered on December 6th 2005, all
the details were submitted to Microsoft, and the reply was received
indicating that they may start working on it. It can be assumed that no
patch addressing this vulnerability will be available within the next few
months. So, since I was unable to find any use for this by-product of
Microsoft developers, it is now available for you at the low starting
price of $0.01 (a fair value estimation for any Microsoft product).
A percentage of this sale will be contributed to various open-source
Vulnerability Description (read carefully, this is what you bid on).

Microsoft Excel does not perform sufficient data validation when parsing
document files. As a result, it is possible to pass a large counter value
to msvcrt.memmove() function which causes critical memory regions to be
overwritten, including the stack space. The vulnerability can be exploited
to compromise a user's PC. It is feasible to manipulate the data in the
document file to get a code of attacker's choice executed when malicious
file is opened by MS Excel. The exploit code is not included in the
auction. You must have very advanced skills if you want to further
research this vulnerability.
What will be delivered (at no extra charge):

The winning bidder must provide an e-mail address that accepts .xls
attachments. Two xls files will be mailed to this e-mail address: one file
is the original Microsoft Excel document, the other one is a copy of the
same document modified to demonstrate the vulnerability. The demonstration
merely triggers the exception causing Excel to crash. It does not do
anything malicious. A detailed description of the vulnerability will be
provided in the message body. At that time you can claim youself to be
possessing the knowledge about the vulnerability. Wow! Imagine that!
(Well, not counting Microsoft, but I really doubt that they'll share it
with anyone.) It is up to you what to do with it, but you may not use it
for malicious purposes - see terms and conditions below.

Special offers:

Microsoft representatives get 10% off the final price. To qualify, you
MUST provide @microsoft.com e-mail address and MUST mention discount code
LINUXRULZ during checkout.
Terms and conditions of the sale:

Your bid indicates that you agree to the following:

    1. You may not use this information for malicious or illegal purposes.
The information you receive is for educational and research purposes only.
    2. The seller reserves the right to refuse delivery to anyone (a full
refund will be issued).
    3. The seller will accept no responsibility for anything you do with
this information.
    4. The seller cannot be held liable under any circumstances.
    5. Absolutely no refunds will be provided except for the reason
mentioned above.


    1. All trademarks are the property of their respective owners.
    2. No proprietary software products were decompiled or reverse
    3. All information advertised here was used and is to be used to
promote the importance and advance the knowlegde in the field of the
information security.
    4. The seller does not encourage any illegal activity.

You are a subscribed member of the infowarrior list. Visit 
www.infowarrior.org for list information or to unsubscribe. This message 
may be redistributed freely in its entirety. Any and all copyrights 
appearing in list messages are maintained by their respective owners.

Reply via email to