Vulnerability Development mailing list archives
Re[2]: Kaspersky AntiVirus Window Caption GUI Bypass Vulnerability
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Wed, 6 Oct 2004 15:17:58 +0400
Dear Simon, --Tuesday, October 5, 2004, 11:03:16 PM, you wrote to miguel.dilaj () pharma novartis com:
S> Looks like a usability versus security issue, where usability takes S> priority. In this very case issue is too serious (by accessing password protected functions in Kaspersky Antivirus user can schedule his own task to run with LocalSystem privileges). This is good old design flow again: user's privileges are checked by client component only. -- ~/ZARAZA Стреляя во второй раз, он искалечил постороннего. Посторонним был я. (Твен)
Current thread:
- Re: Kaspersky AntiVirus Window Caption GUI Bypass Vulnerability Tony Montana (Oct 01)
- <Possible follow-ups>
- Re: Kaspersky AntiVirus Window Caption GUI Bypass Vulnerability miguel . dilaj (Oct 05)
- Re: Kaspersky AntiVirus Window Caption GUI Bypass Vulnerability Simon (Oct 05)
- Re[2]: Kaspersky AntiVirus Window Caption GUI Bypass Vulnerability 3APA3A (Oct 06)
- Re: Kaspersky AntiVirus Window Caption GUI Bypass Vulnerability Simon (Oct 05)