Full Disclosure mailing list archives
Re: RE: [Symantec Security Advisor] Symantec Security Check ActiveX Buffer Overflow
From: Cesar <cesarc56 () yahoo com>
Date: Mon, 30 Jun 2003 10:06:35 -0700 (PDT)
Anyone want to exploit the bug? Symantec is very happy to help attackers:

http://enterprisesecurity.symantec.com/SecurityServices/content.cfm?ArticleID=682&EID="><script>alert()</script>

Cesar.

--- Jason Coombs <jasonc () science org> wrote:

Aloha, Symantec Security.

Two questions:

1) Does this ActiveX control bear a digital signature? If so, the problem it causes does not go away simply because there is a new version available from Symantec. An attacker in possession of the bad code with its attached digital signature can fool a victim whose computer does not currently have the vulnerable code installed into trusting the ActiveX control due to the fact that Symantec's digital signature will validate against the trusted root CA certificate present by default in Windows -- the existence of the digital
.....

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html