Because Microsoft refused to credit the researcher who reported MS08-011/CVE-2008-0108 a corresponding exploit was publicly released. A person or group going by the name chujwamwdupe chujwamwdupe posted the exploit to Full-disclosure.
Unfortunately, Microsoft has refused to credit you using the name you requested.
I think there's a mixup in the iDefense Labs advisory, unless sillypea is chujwamwdupe. The CREDIT section says:
This vulnerability was reported to VeriSign iDefense by sillypea.
The acknowledgments on the Microsoft bulletin says:
VeriSign iDefense VCP for reporting the Microsoft Works Converter Overrun Vulnerability (CVE-2008-0108).
Microsoft flagged the pseudonym as offensive. This is similar to what happened when Manuel Santamarina Suarez aka FistFuXXer reported MS06-059/CVE-2006-2387. They had to drop FistFuXXer in the bulletin.
I wonder what does the polish word chujwamwdupe really mean ?
2 comments:
2/23/08 3:34 PM
From Fabrice Marie, a fellow pentester in SG, who is a French-Polish, told me:
"I think it's supposed to be in several words.
Dupe is the ass (pronounce doopeh).
The rest I have no idea."
2/26/08 11:52 AM
Thanks for the hint. I think it means anal sex.
Post a Comment