Marcel Weber wrote: > I want to correct myself: CAN-2003-0961 dates from the 26th November > 2003, as far I could see on the CVE.org site. This means that unless > every discovered bug would be fixed, this incident could not have been > avoided. This is of course not realistic.
You can't infer much data from the assignment date. The CVE process is a bit more complicated these days. BTW, the guys at isecl.pl believe that their exploit leaked to the underground. So it might have been discovered by the good guys, but it leaked somewhere during the delayed disclosure process.
