Open Source and information security mailing list archives
From: cesarc56 at yahoo.com (Cesar)
Subject: RE: [Symantec Security Advisor] Symantec Security Check ActiveX Buffer Overflow

Anyone want to exploit the bug?

Symantec is very happy to help attackers:

http://enterprisesecurity.symantec.com/SecurityServices/content.cfm?ArticleID=682&EID="><script>alert()</script>

Cesar.

--- Jason Coombs <jasonc@...ence.org> wrote:
> Aloha, Symantec Security.
>
> Two questions:
>
> 1) Does this ActiveX control bear a digital signature? If so, the
> problem it causes does not go away simply because there is a new
> version available from Symantec. An attacker in possession of the
> bad code with its attached digital signature can fool a victim whose
> computer does not currently have the vulnerable code installed into
> trusting the ActiveX control due to the fact that Symantec's digital
> signature will validate against the trusted root CA certificate
> present by default in Windows -- the existence of the digital
.....