[Full-Disclosure] RE: [Symantec Security Advisor] Symantec Security Check ActiveX Buffer Overflow

Cesar cesarc56 at yahoo.com
Mon Jun 30 18:06:35 BST 2003


Anyone want to exploit the bug? 
Symantec is very happy to help attackers:

http://enterprisesecurity.symantec.com/SecurityServices/content.cfm?ArticleID=682&EID="><script>alert()</script>

Cesar.

--- Jason Coombs <jasonc at science.org> wrote:
> Aloha, Symantec Security.
> 
> Two questions:
> 
> 1) Does this ActiveX control bear a digital signature? If so, the problem it
> causes does not go away simply because there is a new version available from
> Symantec. An attacker in possession of the bad code with its attached digital
> signature can fool a victim whose computer does not currently have the
> vulnerable code installed into trusting the ActiveX control due to the fact
> that Symantec's digital signature will validate against the trusted root CA
> certificate present by default in Windows -- the existence of the digital
.....
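
The URL in the message above closes a quoted attribute with `">` and then opens a script element. The following is an added example, not part of the original post and not Symantec's code, of how a server could handle that request: allowlist the parameters, then encode whatever is written into the attribute. It assumes `ArticleID` and `EID` are numeric identifiers reflected into a double-quoted attribute; `renderLink`, `parseNumericId`, `escapeHtmlAttr` and the link text are hypothetical names.

```javascript
// Added example. Assumption: ArticleID and EID are numeric ids that the page
// reflects into a double-quoted HTML attribute. All function names are hypothetical.

// Request URL exactly as it appears in the message.
const REPORTED_URL =
  'http://enterprisesecurity.symantec.com/SecurityServices/content.cfm?ArticleID=682&EID="><script>alert()</script>';

// Encode every character that can end an attribute value or start markup.
function escapeHtmlAttr(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Allowlist check: a short run of decimal digits, anything else is rejected.
function parseNumericId(raw) {
  return typeof raw === 'string' && /^[0-9]{1,10}$/.test(raw) ? Number(raw) : null;
}

// Build the reflected link from validated values only, then encode it for
// the attribute context as a second layer.
function renderLink(requestUrl) {
  const params = new URL(requestUrl).searchParams;
  const articleId = parseNumericId(params.get('ArticleID'));
  const eid = parseNumericId(params.get('EID'));
  if (articleId === null) {
    return { status: 400, body: '' }; // required parameter missing or malformed
  }
  // An invalid optional parameter is dropped instead of being echoed back.
  const query = eid === null
    ? `ArticleID=${articleId}`
    : `ArticleID=${articleId}&EID=${eid}`;
  const href = escapeHtmlAttr(`content.cfm?${query}`);
  return { status: 200, body: `<a href="${href}">Printable version</a>` };
}

console.log(renderLink(REPORTED_URL).body);
```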




Full-Disclosure is hosted and sponsored by Secunia.