|
Full Disclosure
mailing list archives
Re: Symantec, McAfee and Panda ActiveX controls
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Wed, 7 Apr 2004 19:43:30 +0400
Dear Thomas Kristensen,
Exploitable overflow in Symantec and Trend Micro were reported in
June/July 2003 by Cesar Cerrudo and fixed by vendors. Nearly same
vulnerability was reported in RAV by Tri Huynh.
http://www.security.nnov.ru/search/news.asp?binid=2922
--Wednesday, April 7, 2004, 4:37:03 PM, you wrote to full-disclosure () lists netsys com:
TK> Hi Rafel,
TK> We have analysed the reported vulnerabilities in the Symantec, McAfee
TK> and Panda controls installed by their online scanners.
TK> It appears that your conclusions for Symantec and McAfee are incorrect.
TK> Following your examples seems to only cause null-pointer dereferences
TK> and can therefore only be exploited to crash a browser.
TK> However, the Panda issue is an exploitable heap overflow.
TK> If you have any other information regarding Symantec and McAfee, which
TK> proves that a buffer overflow exists then please publish this.
--
~/ZARAZA
Вечная память святому Патрику! (Твен)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
 By Date 
By Thread
Current thread:
|
Intro
