In a November 14 post on the Full Disclosure mailing list, the researcher said they had been in contact with the vendor, but claimed they did not receive a satisfactory response within a given timeframe.
“As the attack complexity is low and exploits have already been published by a third party there must be no further delay in making the threads publicly known,” the researcher said.