From: cesarc56 at yahoo.com (Cesar)
Subject: RE: [Symantec Security Advisor] Symantec Security Check ActiveX Buffer Overflow

Anyone want to exploit the bug? 
Symantec is very happy to help attackers:

http://enterprisesecurity.symantec.com/SecurityServices/content.cfm?ArticleID=682&EID="><script>alert()</script>

Cesar.

--- Jason Coombs <jasonc@...ence.org> wrote:
> Aloha, Symantec Security.
> 
> Two questions:
> 
> 1) Does this ActiveX control bear a digital signature? If so, the problem it
> causes does not go away simply because there is a new version available from
> Symantec. An attacker in possession of the bad code with its attached digital
> signature can fool a victim whose computer does not currently have the
> vulnerable code installed into trusting the ActiveX control due to the fact
> that Symantec's digital signature will validate against the trusted root CA
> certificate present by default in Windows -- the existence of the digital
.....
