[TZO-22-2020] Qihoo360 | GDATA | Rising | Command Generic Malformed Archive Bypass
2020-02-25 00:57:49 Author: seclists.org(查看原文) 阅读量:130 收藏

bugtraq logo Bugtraq mailing list archives

[TZO-22-2020] Qihoo360 | GDATA | Rising | Command Generic Malformed Archive Bypass
From: Thierry Zoller <thierry () zoller lu>
Date: Mon, 24 Feb 2020 12:37:45 +0100
________________________________________________________________________

           From the lets-try-it-this-way Department
Qihoo360 | GDATA | Rising | Webroot | Dr Web  Generic Archive Bypass
________________________________________________________________________

Release mode    : Vendors do not react / Reverse Coordination Attempt
Ref : [TZO-22-2020] - Qihoo360, GDATA, Escan, Rising, Command, K7 Computing, Ahnlab, Dr. Web, Webroot 
Status          : Unpatched
Dislosure Policy: https://caravelahq.com/b/policy/20949

1. Summary
==========
Deviating from my Disclosure policy : Situations where the time it takes to discover a vulnerability is inferior to the time spend to coordinate it call for a new way to approach vulnerability coordination. I call it reverse coordination. As these are mostly low risk findings I personally do not have any issues with proceeding that way. 

2. Description
==============
Qihoo360, GDATA, Escan, Rising, Command, K7 Computing, Ahnlab, Dr. Web, Webroot 

3. Coordination
===============
Unless Qihoo, respectively GDATA, Escan, Rising, Command, K7 Computing, Ahnlab, Dr. Web, Webroot get into touch within the next 21 days, I will proceed to publish the vulnerabilities on this very list without any further communication attempt. Many attempts have been made.

  By Date           By Thread  

Current thread:
  • [TZO-22-2020] Qihoo360 | GDATA | Rising | Command Generic Malformed Archive Bypass Thierry Zoller (Feb 24)

文章来源: http://seclists.org/bugtraq/2020/Feb/34
如有侵权请联系:admin#unsafe.sh