Posted by Shahar Tal on Dec 22
Hi Sandro,
As I commented before, we are bound by policy that is out of my personal reach at the moment.
I can tell you, however, that when any independent researcher looks into the HTTP cookie parsing function in the
RomPager 4.07 binary, his bounds will not be checked.
Cheers,
Shahar
From: Sandro Gauci [mailto:sandro () enablesecurity com]
Sent: Friday, 19 December 2014 09:57
To: Michal Zalewski
Cc: Shahar Tal; fulldisclosure () seclists…