0-Day For Sale on Ebay
Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: 0-Day For Sale on Ebay

  1. #1
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914

    0-Day For Sale on Ebay

    Hey Hey,

    This was poking around FD today and I decided to take a look at it.... It's actually humerous and I think the first time that this has been attempted... I wonder if it violates EBays AUP or not.. and what Microsoft has to say about it

    http://cgi.ebay.com/ws/eBayISAPI.dll...tem=7203336538

    I wasn't sure if this should go here or Tech Humour.. but this seems to work..

    I've attached the text for anyone interested, and I'm saving the site so if it ends up gone, ask and I'll mirror it.

    Peace,
    HT


    The lot: One 0-day Microsoft Excel Vulnerability
    Up for sale is one (1) brand new vulnerability in the Microsoft Excel application. The vulnerability was discovered on December 6th 2005, all the details were submitted to Microsoft, and the reply was received indicating that they may start working on it. It can be assumed that no patch addressing this vulnerability will be available within the next few months. So, since I was unable to find any use for this by-product of Microsoft developers, it is now available for you at the low starting price of $0.01 (a fair value estimation for any Microsoft product).

    A percentage of this sale will be contributed to various open-source projects.
    Vulnerability Description (read carefully, this is what you bid on).
    Microsoft Excel does not perform sufficient data validation when parsing document files. As a result, it is possible to pass a large counter value to msvcrt.memmove() function which causes critical memory regions to be overwritten, including the stack space. The vulnerability can be exploited to compromise a user's PC. It is feasible to manipulate the data in the document file to get a code of attacker's choice executed when malicious file is opened by MS Excel. The exploit code is not included in the auction. You must have very advanced skills if you want to further research this vulnerability.

    What will be delivered (at no extra charge):
    The winning bidder must provide an e-mail address that accepts .xls attachments. Two xls files will be mailed to this e-mail address: one file is the original Microsoft Excel document, the other one is a copy of the same document modified to demonstrate the vulnerability. The demonstration merely triggers the exception causing Excel to crash. It does not do anything malicious. A detailed description of the vulnerability will be provided in the message body. At that time you can claim youself to be

    THE ONLY ONE IN THE WORLD
    possessing the knowledge about the vulnerability. Wow! Imagine that! (Well, not counting Microsoft, but I really doubt that they'll share it with anyone.) It is up to you what to do with it, but you may not use it for malicious purposes - see terms and conditions below.

    Special offers:
    Microsoft representatives get 10% off the final price. To qualify, you MUST provide @microsoft.com e-mail address and MUST mention discount code LINUXRULZ during checkout.

    Terms and conditions of the sale:
    Your bid indicates that you agree to the following:

    You may not use this information for malicious or illegal purposes. The information you receive is for educational and research purposes only.
    The seller reserves the right to refuse delivery to anyone (a full refund will be issued).
    The seller will accept no responsibility for anything you do with this information.
    The seller cannot be held liable under any circumstances.
    Absolutely no refunds will be provided except for the reason mentioned above.
    Disclaimers:
    All trademarks are the property of their respective owners.
    No proprietary software products were decompiled or reverse engineered.
    All information advertised here was used and is to be used to promote the importance and advance the knowlegde in the field of the information security.
    The seller does not encourage any illegal activity.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  2. #2
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    Special offers:
    Microsoft representatives get 10% off the final price. To qualify, you MUST provide @microsoft.com e-mail address and MUST mention discount code LINUXRULZ during checkout.
    What a bunch of wankers...
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    CXJ:

    I actually find that quite amusing..... It's not going to happen since he claims they already have the details..... It's a dig.... Take it for what is was meant for.....

    It's still making me giggle though....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  4. #4
    Senior Member
    Join Date
    Nov 2005
    Posts
    316
    they(microsoft) are the ones to have released it, in the first place. there is nothing that you give them and they dont take it with open arms. they are definately facing a stiff compition from apple, as apple people are deciding to reduce the price of imacs. maybe they already know of this vulnerability and have done something about it in Vista.
    you are entering the vicinity of an area adjecent to the location.

  5. #5
    Senior Member Raion's Avatar
    Join Date
    Dec 2003
    Location
    New York, New York
    Posts
    1,299
    What don't they sell on ebay? Breast milk, husbands, kids...
    WARNING: THIS SIGNATURE IS SHAREWARE PLEASE REGISTER THIS SIGNATURE BY SENDING ME MONEY TO SEE THE COMPLETE SIGNATURE!

  6. #6
    AO's Resident Redneck The Texan's Avatar
    Join Date
    Aug 2003
    Location
    Texas
    Posts
    1,539
    Raion, they have tried selling husbands and kids lol... idk if the thing this guy is selling is actually legal or the real deal for that matter but its still on the site sooooo who knows...
    Git R Dun - Ty
    A tribe is wanted

  7. #7
    AO's Resident Redneck The Texan's Avatar
    Join Date
    Aug 2003
    Location
    Texas
    Posts
    1,539
    This listing (7203336538) has been removed by eBay or is no longer available.
    Git R Dun - Ty
    A tribe is wanted

  8. #8
    To qualify, you MUST provide @microsoft.com e-mail address
    I really want that discount cause i'm a tight arse, so i'm gonna have tah spoof the @microsoft.com email addresse..

    Me wanders of to boot up a Telnet session.

    Ht any chance on aquiring the details for the mirror..?

    cheers
    f2b

  9. #9
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    Anyone know what the bidding was up to before it got pulled?
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  10. #10
    Senior Member DakX's Avatar
    Join Date
    Jul 2005
    Posts
    128
    Hmm its offline. HT can you mirror the site? It seemed kinda funny.
    [T]he future is now.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •