[Full-disclosure] Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability
Michael Strutton
strutton at corp.earthlink.net
Fri Jan 26 21:48:38 GMT 2007
> -------- Original Message --------
> Subject: [Full-disclosure] Earthlink TotalAccess ActiveX Unsafe
> Methods Vulnerability
> Date: Fri, 26 Jan 2007 02:23:51 +0800
> From: Ethan Hunt <m34r at hackermail.com>
> To: full-disclosure at lists.grok.org.uk
>
> Title:
> -------------------
> Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability
>
A number of teams at EarthLink have reviewed both this claim and our
code. We have concluded that this exploit does not exist. While we
can not go into the details of our proprietary code, we can confirm
validation methods are in place that would prevent an outsider from
gaining access to the spamBlocker whitelist via these APIs.
Thanks,
Michael Strutton
Director Product Management, Client Software
EarthLink
Full-Disclosure is hosted and sponsored by Secunia.