Re: Fwd: Norton Email Protection Remote Overflow (Addendum)

[ncb () ATTRITION ORG (Nicholas Brawn)]

I would like to add that Symantec has been notified by myself, and should
already have been aware of an issue due to another Bugtraq post on POProxy
and the potential for a DoS attack.

Cheers,
Nick

> > From: Matt Conover <shok () cannabis dataforce net>
> > Subject:      Norton Email Protection Remote Overflow (Addendum)
> > X-To:         bugtraq () securityfocus com
> > To: BUGTRAQ () SECURITYFOCUS COM
> >
> > This was going to be w00giving #11 (w00giving #10 will be posted within
> > the next few days).  Anyway, this allows EIP to be overwritten with 265+
> > bytes, which person who posted this vulnerability failed to mention or
> > failed to notice.  It's unclear if he labeled it as a DoS because he
> > didn't realize it overwrote EIP or because he was unable to produce an
> > exploit.  We have not had a chance to write an exploit and we will also
> > try to do that within the next few days.
> >
> > w00w00 Security Development
> >
> > Title:          Buffer Overflow in POProxy (Norton Antivirus 2000)
> > Platforms:      Windows 95/98/NT/2000
> > Date:           11th December, 1999
> > Last Updated:   n/a
> > Vendor Notified: n/a
> > Author:         Nicholas Brawn <ncb () attrition org>