Full Disclosure mailing list archives
Re: AVAST Internet Security Suite - Persistent Vulnerabilities
From: security curmudgeon <jericho () attrition org>
Date: Fri, 5 Jul 2013 14:27:26 -0500 (CDT)
Seriously?Your avast! issues weren't tested properly it seems. The command shell you invoke is running with the same privileges as the user installing/running the software.
There is no privilege escalation based on the 'exploit' you report. These are not vulnerabilities.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- AVAST Internet Security Suite - Persistent Vulnerabilities Vulnerability Lab (Jul 04)
- <Possible follow-ups>
- Re: AVAST Internet Security Suite - Persistent Vulnerabilities security curmudgeon (Jul 06)