[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Symantec, McAfee and Panda ActiveX controls

To: Thomas Kristensen <tk@xxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Symantec, McAfee and Panda ActiveX controls
From: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx>
Date: Wed, 7 Apr 2004 19:43:30 +0400

Dear Thomas Kristensen,

Exploitable  overflow  in  Symantec  and  Trend  Micro  were reported in
June/July  2003  by  Cesar  Cerrudo  and  fixed  by vendors. Nearly same
vulnerability was reported in RAV by Tri Huynh.

http://www.security.nnov.ru/search/news.asp?binid=2922

--Wednesday, April 7, 2004, 4:37:03 PM, you wrote to 
full-disclosure@xxxxxxxxxxxxxxxx:

TK> Hi Rafel,

TK> We have analysed the reported vulnerabilities in the Symantec, McAfee
TK> and Panda controls installed by their online scanners.

TK> It appears that your conclusions for Symantec and McAfee are incorrect.
TK> Following your examples seems to only cause null-pointer dereferences
TK> and can therefore only be exploited to crash a browser.

TK> However, the Panda issue is an exploitable heap overflow.

TK> If you have any other information regarding Symantec and McAfee, which
TK> proves that a buffer overflow exists then please publish this.



-- 
~/ZARAZA
Вечная память святому Патрику! (Твен)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Symantec, McAfee and Panda ActiveX controls
  - From: Thomas Kristensen

Prev by Date: RE: [Full-Disclosure] Wiretap or Magic Lantern?
Next by Date: Re: [Full-Disclosure] FAT32 input > output = null?
Previous by thread: Re: [Full-Disclosure] Symantec, McAfee and Panda ActiveX controls
Next by thread: [Full-Disclosure] On PGP (was: Wiretap or Magic Lantern?)
Index(es):
- Date
- Thread