[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Month of ActiveX Bug

To: steven@xxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Month of ActiveX Bug
From: Goetz Von Berlichingen <goetzvonberlichingen@xxxxxxxxxxx>
Date: Sun, 06 May 2007 10:02:06 -0600

Steven Adair wrote:
> However, regardless of whether it results in remote code execution, I
> don't think a DoS should necessarily be discounted as frivolous or
> irrelevant.  It might not rank up there with critical or high
> vulnerabilities, but it is a vulnerability nonetheless.

   The severity of a DOS is entirely context dependent.  That's why 
software users need to informed about the DOS so they can decide how 
critical it is in their context.  A home user who rarely uses an ActiveX 
.ocx may consider a DOS of that feature negligible.  If that ocx 
(probably not a PowerPoint viewer) is used in controlling a catalytic 
cracker, then a DOS is a lot more serious.

Goetz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] Month of ActiveX Bug
  - From: bugtraq
- Re: [Full-disclosure] Month of ActiveX Bug
  - From: Steven Adair

Prev by Date: [Full-disclosure] Mini Web Shop v.2 vulnerable to XSS
Next by Date: Re: [Full-disclosure] Vulnerabilities Hashes DB needed
Previous by thread: Re: [Full-disclosure] Month of ActiveX Bug
Next by thread: Re: [Full-disclosure] Month of ActiveX Bug
Index(es):
- Date
- Thread