0 day for sale on Ebay
There is a Zero-Day vulnerability in MS Excel for sale on ebay. From the auction:
“Up for sale is one (1) brand new vulnerability in the Microsoft Excel application. The vulnerability was discovered on December 6th 2005, all the details were submitted to Microsoft, and the reply was received indicating that they may start working on it. It can be assumed that no patch addressing this vulnerability will be available within the next few months. So, since I was unable to find any use for this by-product of Microsoft developers, it is now available for you at the low starting price of $0.01 (a fair value estimation for any Microsoft product).”
It should be noted that the seller is not providing exploit code with the auction, but will email an excel file that demonstrates the vunlerability by crashing excel along with a detailed description of the vuln. The final recipient would have to be skilled enough to take that information and create an exploit. The seller is offering a 10% discount to Microsoft Representatives. You must provide a microsoft.com email address as well as use the discount code “LINUXRULZ” while checking out.
I don’t know whats funnier, the auction itself or that I personally know the current highest bidder.
Update: The auction has been shut down, an copy of the email sent to bidders and screen shot can be found here
Leave a Reply