On Tue, 8 Jun 2010, Secunia Research wrote: > ====================================================================== > > Secunia Research 08/06/2010 > > - Microsoft Excel Record Parsing Input Validation Vulnerability - > > ====================================================================== > > ====================================================================== > 2) Severity > > Rating: Highly critical > Impact: System compromise > Where: Remote > > ====================================================================== > 6) Time Table > > 04/12/2009 - Vendor notified. > 04/12/2009 - Vendor response. > 11/01/2010 - Status update requested. > 12/01/2010 - Vendor provides status update. > 30/03/2010 - Vendor provides status update. > 27/04/2010 - Vendor provides status update. > 26/05/2010 - Vendor provides status update. > 08/06/2010 - Public disclosure.
15.75 months to respond to a critical vulnerability in one of the most widely used business applications the world has seen? w00t. -- Paul Heinlein <> heinl...@madboa.com <> www.madboa.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/