[Full-Disclosure] RE: [Symantec Security Advisor] Symantec Security Check ActiveX Buffer Overflow
cesarc56 at yahoo.com
Mon Jun 30 18:06:35 BST 2003
Anyone want to exploit the bug?
Symantec is very happy to help attackers:
--- Jason Coombs <jasonc at science.org> wrote:
> Aloha, Symantec Security.
> Two questions:
> 1) Does this ActiveX control bear a digital signature? If so, the problem it
> causes does not go away simply because there is a new version available from
> Symantec. An attacker in possession of the bad code with its attached digital
> signature can fool a victim whose computer does not currently have the
> vulnerable code installed into trusting the ActiveX control due to the fact
> that Symantec's digital signature will validate against the trusted root CA
> certificate present by default in Windows -- the existence of the digital
Full-Disclosure is hosted and sponsored by Secunia.