Re[2]: Kaspersky AntiVirus Window Caption GUI Bypass Vulnerability

Dear Simon,

--Tuesday, October 5, 2004, 11:03:16 PM, you wrote to miguel.dilaj_at_pharma.novartis.com:

>>
S> Looks like a usability versus security issue, where usability takes
S> priority.

In this very case issue is too serious (by accessing password protected
functions in Kaspersky Antivirus user can schedule his own task to run
with LocalSystem privileges). This is good old design flow again: user's
privileges are checked by client component only.

-- 
~/ZARAZA
Стреляя во второй раз, он искалечил постороннего. Посторонним был я. (Твен)