[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Month of ActiveX Bug

To: Larry@xxxxxxxxxxxxxxxx (Larry Seltzer)
Subject: Re: [Full-disclosure] Month of ActiveX Bug
From: bugtraq@xxxxxxxxxxxxxxx
Date: Tue, 1 May 2007 11:47:35 -0400 (EDT)

> >>http://moaxb.blogspot.com/=20
> =20
> Wow, a DoS in a 3rd-party Poiwerpoint viewer. This ought to bring the
> Internet to its knees. I wonder if he'll have any actual ActiveX bugs=
>  or
> if they'll just be DoS's in controls.

Consider that most often a bug filed as DOS can actually
be exploitable, but the person who discovered it can't get the POC working or 
is even aware it is. While command execution is the ideal goal it doesn't
mean other types of issues are *completely* worthless.  

- Robert
http://www.cgisecurity.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Month of ActiveX Bug
  - From: Larry Seltzer

References:
- Re: [Full-disclosure] Month of ActiveX Bug
  - From: Larry Seltzer

Prev by Date: Re: [Full-disclosure] Month of ActiveX Bug
Next by Date: Re: [Full-disclosure] Month of ActiveX Bug
Previous by thread: Re: [Full-disclosure] Month of ActiveX Bug
Next by thread: Re: [Full-disclosure] Month of ActiveX Bug
Index(es):
- Date
- Thread