[Full-disclosure] Month of ActiveX Bug
Goetz Von Berlichingen
goetzvonberlichingen at comcast.net
Sun May 6 17:02:06 BST 2007
Steven Adair wrote:
> However, regardless of whether it results in remote code execution, I
> don't think a DoS should necessarily be discounted as frivolous or
> irrelevant. It might not rank up there with critical or high
> vulnerabilities, but it is a vulnerability nonetheless.
The severity of a DOS is entirely context dependent. That's why
software users need to informed about the DOS so they can decide how
critical it is in their context. A home user who rarely uses an ActiveX
.ocx may consider a DOS of that feature negligible. If that ocx
(probably not a PowerPoint viewer) is used in controlling a catalytic
cracker, then a DOS is a lot more serious.
Goetz
Full-Disclosure is hosted and sponsored by Secunia.