RE: [Bug 1313194] Re: Bochs Multiple Vulnerabilities

2014-05-19 Thread Mollie
Is the CVE number 13131943? Just need to confirm. Thanks, Mollie -Original Message- From: boun...@canonical.com [mailto:boun...@canonical.com] On Behalf Of Dmitry Janushkevich Sent: Saturday, May 10, 2014 1:16 AM To: Microsoft Vulnerability Research Subject: [Bug 1313194] Re: Bochs

[Bug 1313194] Re: Bochs Multiple Vulnerabilities

2014-05-09 Thread Mollie
Hello, Could someone tell me if Microsoft is clear for releasing an advisory on this? We would like to acknowledge our finder (without releasing full details) on our acknowledgements page. Thanks! Mollie -- You received this bug notification because you are a member of Ubuntu Bugs, which is

RE: [Bug 1313194] Re: Bochs Multiple Vulnerabilities

2014-05-09 Thread Mollie
Thanks so much! Can you clear us for releasing an advisory on this issue acknowledging our finder? Mollie -Original Message- From: boun...@canonical.com [mailto:boun...@canonical.com] On Behalf Of Dmitry Janushkevich Sent: Tuesday, May 6, 2014 5:00 AM To: Microsoft Vulnerability

RE: [Bug 1313194] Re: Bochs Multiple Vulnerabilities

2014-04-29 Thread Mollie
Hello there! Thanks much for taking a look at this, very much appreciated. More info attached. No CVE as yet, though I'd love to get one. Have been attempting to contact Bochs for months. Mollie -Original Message- From: boun...@canonical.com [mailto:boun...@canonical.com] On Beha

RE: [Bug 1313194] Re: Bochs Multiple Vulnerabilities

2014-04-29 Thread Mollie
ing to as the image file. Mollie -Original Message- From: boun...@canonical.com [mailto:boun...@canonical.com] On Behalf Of Seth Arnold Sent: Monday, April 28, 2014 11:04 PM To: Microsoft Vulnerability Research Subject: [Bug 1313194] Re: Bochs Multiple Vulnerabilities Mollie, thanks

[Bug 1313194] Re: Bochs Multiple Vulnerabilities

2014-05-03 Thread Mollie
Response from our finder: I’ve saw that they’re replied to this bug and deemed it not a security issue. I don’t agree with that, as their reason is they’re saying bxrc is a config file. Of course it is, but it’s part of the packaging for a virtual machine. Example: If I packaged up a test.img wit

[Bug 1313194] Re: Bochs Multiple Vulnerabilities

2014-05-03 Thread Mollie
Here's another try at the PoC: ** Attachment added: "1313194" https://bugs.launchpad.net/ubuntu/+source/bochs/+bug/1313194/+attachment/4103888/+files/MSVR%20Vulnerability%20Report%20Bochs%20Multiple%20Vulnerabilities.docx -- You received this bug notification because you are a member of Ubun

RE: [Bug 1313194] Re: Bochs Multiple Vulnerabilities

2014-06-13 Thread Mollie
Security researcher acknowledgement Hello, I'm writing to let you know that the security researcher acknowledgement for the issue we recently reported to you is now up at http://technet.microsoft.com/en-US/dn613815 Thank you again for tending to our report in a timely manner. Mollie