[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <448549272.20040407194330@SECURITY.NNOV.RU>
From: 3APA3A at SECURITY.NNOV.RU (3APA3A)
Subject: Symantec, McAfee and Panda ActiveX controls
Dear Thomas Kristensen,
Exploitable overflow in Symantec and Trend Micro were reported in
June/July 2003 by Cesar Cerrudo and fixed by vendors. Nearly same
vulnerability was reported in RAV by Tri Huynh.
http://www.security.nnov.ru/search/news.asp?binid=2922
--Wednesday, April 7, 2004, 4:37:03 PM, you wrote to full-disclosure@...ts.netsys.com:
TK> Hi Rafel,
TK> We have analysed the reported vulnerabilities in the Symantec, McAfee
TK> and Panda controls installed by their online scanners.
TK> It appears that your conclusions for Symantec and McAfee are incorrect.
TK> Following your examples seems to only cause null-pointer dereferences
TK> and can therefore only be exploited to crash a browser.
TK> However, the Panda issue is an exploitable heap overflow.
TK> If you have any other information regarding Symantec and McAfee, which
TK> proves that a buffer overflow exists then please publish this.
--
~/ZARAZA
?????? ?????? ??????? ???????! (????)
Powered by blists - more mailing lists