|Main Archive Page > Month Archives > full-disclosure-uk archives|
Good to see nothing's changed with Bugtraq in fifteen years. Anyone want to point me to a security list where ads like the one below are not allowed?
2010/1/21 email@example.com <firstname.lastname@example.org
> Microsoft Internet Explorer Remote Memory Corruption Vulnerability
> Fortinet's FortiGuard Labs has discovered a memory corruption vulnerability
> in Microsoft's Internet Explorer.
> Remote Code Execution.
> Affected Software:
> For a list of Internet Explorer versions affected, please see the Microsoft
> Security Advisory reference below.
> Additional Information:
> In order to compromise a system / remotely execute code, an attacker would
> lure a user to a maliciously crafted website. When a user views the Web
> page, the vulnerability could allow remote code execution. An attacker who
> successfully exploited this vulnerability could gain the same user rights as
> the logged-on user. If a user is logged on with administrative user rights,
> an attacker who successfully exploited this vulnerability could take
> complete control of an affected system.
> Since an attack scenario would require a user to visit a malicious website,
> it is recommended to have a layered security solution through webfiltering
> and intrusion prevention for mitigation.
> * Use the solution provided by Microsoft (MS10-002).
> * FortiGuard Labs released the signature
> o Advanced zero-day protection has been available since September
> 3, 2009.
> FortiGuard Labs continues to monitor attacks against this vulnerability.
> Fortinet customers who subscribe to Fortinet's intrusion prevention (IPS)
> service should be protected against this vulnerability. Fortinet's IPS
> service is one component of FortiGuard Subscription Services, which also
> offer comprehensive solutions such as antivirus, Web content filtering and
> antispam capabilities. These services enable protection against threats on
> both application and network layers. FortiGuard Services are continuously
> updated by FortiGuard Labs, which enables Fortinet to deliver a combination
> of multi-layered security intelligence and true zero-day protection from new
> and emerging threats. These updates are delivered to all FortiGate,
> FortiMail and FortiClient products. Fortinet strictly follows responsible
> disclosure guidelines to ensure optimum protection during a threat's
> FortiGuard Advisory: http://www.fortiguard.com/advisory/FGA-2010-05.html
> Microsoft Security Bulletin:
> CVE ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0247
> Haifei Li of Fortinet's FortiGuard Labs