Full Disclosure mailing list archives
Re: Month of ActiveX Bug
From: Goetz Von Berlichingen <goetzvonberlichingen () comcast net>
Date: Sun, 06 May 2007 10:02:06 -0600
Steven Adair wrote:
However, regardless of whether it results in remote code execution, I don't think a DoS should necessarily be discounted as frivolous or irrelevant. It might not rank up there with critical or high vulnerabilities, but it is a vulnerability nonetheless.
The severity of a DOS is entirely context dependent. That's why software users need to informed about the DOS so they can decide how critical it is in their context. A home user who rarely uses an ActiveX .ocx may consider a DOS of that feature negligible. If that ocx (probably not a PowerPoint viewer) is used in controlling a catalytic cracker, then a DOS is a lot more serious. Goetz _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Month of ActiveX Bug xxx xxx (May 01)
- Re: Month of ActiveX Bug Larry Seltzer (May 01)
- Re: Month of ActiveX Bug bugtraq (May 01)
- Re: Month of ActiveX Bug Larry Seltzer (May 01)
- Re: Month of ActiveX Bug Valdis . Kletnieks (May 01)
- Re: Month of ActiveX Bug Larry Seltzer (May 01)
- Re: Month of ActiveX Bug bugtraq (May 01)
- Re: Month of ActiveX Bug Steven Adair (May 01)
- Re: Month of ActiveX Bug James Matthews (May 01)
- Re: Month of ActiveX Bug Goetz Von Berlichingen (May 06)
- Re: Month of ActiveX Bug bugtraq (May 01)
- Re: Month of ActiveX Bug Larry Seltzer (May 01)
- Re: Month of ActiveX Bug Dude VanWinkle (May 03)
- Re: Month of ActiveX Bug Larry Seltzer (May 03)
- Re: Month of ActiveX Bug Dude VanWinkle (May 03)
- Re: Month of ActiveX Bug Larry Seltzer (May 03)
- Re: Month of ActiveX Bug Dude VanWinkle (May 03)
- Re: Month of ActiveX Bug bugtraq (May 04)
- Re: Month of ActiveX Bug M. Shirk (May 04)
- Re: Month of ActiveX Bug Alex Kirk (May 04)