lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <448549272.20040407194330@SECURITY.NNOV.RU>
From: 3APA3A at SECURITY.NNOV.RU (3APA3A)
Subject: Symantec, McAfee and Panda ActiveX controls

Dear Thomas Kristensen,

Exploitable  overflow  in  Symantec  and  Trend  Micro  were reported in
June/July  2003  by  Cesar  Cerrudo  and  fixed  by vendors. Nearly same
vulnerability was reported in RAV by Tri Huynh.

http://www.security.nnov.ru/search/news.asp?binid=2922

--Wednesday, April 7, 2004, 4:37:03 PM, you wrote to full-disclosure@...ts.netsys.com:

TK> Hi Rafel,

TK> We have analysed the reported vulnerabilities in the Symantec, McAfee
TK> and Panda controls installed by their online scanners.

TK> It appears that your conclusions for Symantec and McAfee are incorrect.
TK> Following your examples seems to only cause null-pointer dereferences
TK> and can therefore only be exploited to crash a browser.

TK> However, the Panda issue is an exploitable heap overflow.

TK> If you have any other information regarding Symantec and McAfee, which
TK> proves that a buffer overflow exists then please publish this.



-- 
~/ZARAZA
?????? ?????? ??????? ???????! (????)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ