| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 01 May 2009 11:45:50 +1200 From: Nick FitzGerald <nick@...us-l.demon.co.uk> To: bugtraq@...urityfocus.com Subject: Re: Symantec Fax Viewer Control v10 (DCCFAXVW.DLL) remote buffer overflow exploit Symantec Product Security Team <secure@...antec.com> wrote: > Symantec discontinued sales and support for Winfax Pro in early 2006. > As such, there will be no further updates to the product. > > Anyone running a legacy version of this product and concerned about > this issue may want to follow the procedures outlined in MSKB 240797 > http://support.microsoft.com/kb/240797 to set the killbit for this > control to prevent it from being called. As you're effectively saying you've abandoned the product, might not the best course of action be for you to ask MS to add that its Patch Tuesday third-party killbit list so it is done for those who don't now better? That is, those who need the most help? That's what I'd consider the reasonable thing to do, _particularly_ for a security product developer. Hopefully MS can get it into the next patch kit (probably unlikely now?) before someone takes the published PoC and adds it to one or more of the various web exploitation kits out there... Regards, Nick FitzGerald
Powered by blists - more mailing lists