While I wouldn’t call it a new class of vulnerability, per se, it certainly exhibits some unique characteristics to make it more research-worthy than finding buffer overflows.
What makes you think they didn’t?
Good guy =/= always discloses stuff…
Here is another simultaneous discovery story for you: http://lists.immunitysec.com/pipermail/dailydave/2006-January/002814.html
@Anton -
“What makes you think they didn’t?”
Because Microsoft didn’t know about it. (They’re not good if they don’t tell the vendor. You’re right, though, they don’t have to tell the world).
Pete