lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <448549272.20040407194330@SECURITY.NNOV.RU> From: 3APA3A at SECURITY.NNOV.RU (3APA3A) Subject: Symantec, McAfee and Panda ActiveX controls Dear Thomas Kristensen, Exploitable overflow in Symantec and Trend Micro were reported in June/July 2003 by Cesar Cerrudo and fixed by vendors. Nearly same vulnerability was reported in RAV by Tri Huynh. http://www.security.nnov.ru/search/news.asp?binid=2922 --Wednesday, April 7, 2004, 4:37:03 PM, you wrote to full-disclosure@...ts.netsys.com: TK> Hi Rafel, TK> We have analysed the reported vulnerabilities in the Symantec, McAfee TK> and Panda controls installed by their online scanners. TK> It appears that your conclusions for Symantec and McAfee are incorrect. TK> Following your examples seems to only cause null-pointer dereferences TK> and can therefore only be exploited to crash a browser. TK> However, the Panda issue is an exploitable heap overflow. TK> If you have any other information regarding Symantec and McAfee, which TK> proves that a buffer overflow exists then please publish this. -- ~/ZARAZA ?????? ?????? ??????? ???????! (????)
Powered by blists - more mailing lists