Full Disclosure mailing list archives

Re: Symantec ActiveX control buffer overflow

From: Georgi Guninski <guninski () guninski com>
Date: Tue, 24 Jun 2003 20:39:56 +0300

Cesar wrote:

Vendor Status :

I really sorry Symantec i forgot about the 30-day

grace period (see "Security Vulnerability Reportingand Response Process",

http://www.oisafety.org/process.html), also i forgot
to report it :)
This is really funny Symantec try to protect users and
they intruduce dangerous ActiveX controls in users
computers. I think that maybe this control should be
inroduced in Norton virus list :). I wonder if this
advisory will be on Security Focus news or
vulnerability database.


Did you post this to bugtraq, can't see it there?

There is funny self promoting msg on bugtraq from symantec regarding this bug.

georgi

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Symantec ActiveX control buffer overflow Cesar (Jun 22)
- Re: (Updated) Symantec ActiveX control buffer overflow Cesar (Jun 23)
- Re: Symantec ActiveX control buffer overflow Georgi Guninski (Jun 24)
  - Re: Symantec ActiveX control buffer overflow Cesar (Jun 24)