[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <SXrPUaYrW7cnbuwlFkc/snDY1Rs@jQIs0BAcOOQB2/2sm/DJ4UP1y3M>
Date: Tue, 25 Nov 2008 13:51:20 +0300
From: Eygene Ryabinkin <rea-sec@...elabs.ru>
To: svrt <svrt@...v.com.vn>
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: Re: [SVRT-05-08] Critical BoF vulnerability found in ffdshow
affecting all internet browsers (SVRT-Bkis)
Good day.
Mon, Nov 24, 2008 at 03:17:05PM +0700, svrt wrote:
> In Oct 2008, SVRT-Bkis has detected a serious buffer overflow vulnerability
> in ffdshow which affects all available internet browsers.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Really? And links, elinks, lynx, dillo and others are affected too?
What about my Firefox that (I assume) has no ffdshow code inside it and
there are no ffdshow-related plugins coupled to it? Is it vulnerable?
I am really appreciate that you're searching for the issues and
releasing advisories -- thanks for doing this! But, please, use the
appropriate wording, or your advisories will lead to controversial
feelings.
Sorry for being a bit bluffy :(
--
Eygene
Powered by blists - more mailing lists