Time-line 27 September 2012: This vulnerability was found through fuzzing. 7 November 2012: This vulnerability was submitted to EIP. 27 November 2012: This vulnerability was rejected by EIP. 28 November 2012: This vulnerability was submitted to ZDI. Between December 2012 and February 2013: Microsoft addresses this vulnerability. 27 February 2012: This vulnerability was rejected by ZDI. 8 December 2016: Details of this vulnerability are released. I would like to note that although ZDI did not acquire the vulnerability as it was patched before they could finish analysis, they did offer me ZDI reward points as a courtesy. -->