Re: [Full-Disclosure] Symantec ActiveX control buffer overflow

From: Cesar (cesarc56_at_yahoo.com)
Date: 06/24/03

Next message: Shawn McMahon: "Re: [Full-Disclosure] Sql Injection big5 consultancy"

Previous message: joseph blater: "Re: [Full-Disclosure] Sql Injection big5 consultancy"
In reply to: Georgi Guninski: "Re: [Full-Disclosure] Symantec ActiveX control buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: full-disclosure@lists.netsys.com
Date: Tue, 24 Jun 2003 11:50:11 -0700 (PDT)

I didn't post it to bugtraq, anyways they would hide
the advisory until a fix were ready, this is a common
practice in some SecurityFocus mailing lists.
I won't post anymore advisories to SecurityFocus
mailing lists, they use to not aprove my posts so f*ck
them. One time they ask me to give them some bug
details and post it to bugtraq and i didn't accept,
then when i wanted to post the bug advisory they
didn't aprove my post. Also SecurityFocus is a
Symantec company and Symantec is member of oisafety
group so in future bugtraq will be full of old news if
Symantec will lead by example about the 30-day grace
period and all that ... It took me 1 minute to find
the bug, i wonder if Symatec is a security company
they should be more serious, shouldn't they?.

Cesar.

--- Georgi Guninski <guninski@guninski.com> wrote:
> Cesar wrote:
> > Vendor Status :
> >
> > I really sorry Symantec i forgot about the 30-day
> > grace period (see "Security Vulnerability
> Reporting
> > and Response Process",
> > http://www.oisafety.org/process.html), also i
> forgot
> > to report it :)
> > This is really funny Symantec try to protect users
> and
> > they intruduce dangerous ActiveX controls in users
> > computers. I think that maybe this control should
> be
> > inroduced in Norton virus list :). I wonder if
> this
> > advisory will be on Security Focus news or
> > vulnerability database.
> >
> >
>
> Did you post this to bugtraq, can't see it there?
>
> There is funny self promoting msg on bugtraq from
> symantec regarding this bug.
>
> georgi
>

__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Next message: Shawn McMahon: "Re: [Full-Disclosure] Sql Injection big5 consultancy"

Previous message: joseph blater: "Re: [Full-Disclosure] Sql Injection big5 consultancy"
In reply to: Georgi Guninski: "Re: [Full-Disclosure] Symantec ActiveX control buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[Full-Disclosure] Symantec Buys SecurityFocus, among others....
... Symantec Buys SecurityFocus, ... >that would harm bugtraq. ... to license the Vulnerability Database to security product vendors, ...
(Full-Disclosure)
[Full-Disclosure] Symantec Buys SecurityFocus, among others....
... Symantec Buys SecurityFocus, ... >that would harm bugtraq. ... to license the Vulnerability Database to security product vendors, ...
(Full-Disclosure)
[Full-Disclosure] Symantec Buys SecurityFocus, among others....
... Symantec Buys SecurityFocus, ... >that would harm bugtraq. ... to license the Vulnerability Database to security product vendors, ...
(Full-Disclosure)
SF archives (was: RE: Majordomo Could Mean Major Spam)
... > of 80 subject related emails a day from the two lists on bugtraq I want. ... Bugtraq's official archives are on the SecurityFocus Web page at ... SecurityFocus has always run Bugtraq since the very beginning. ... We already changed the way we archive messages for all mailing lists ...
(Security-Basics)
Administrivia: [Important] Community Involvement in the Future of Bugtraq
... We here at SecurityFocus value the community and would like to ... involve you, the Bugtraq subscribers, in its operation. ... David Mirza Ahmad & and the rest of the staff of SecurityFocus. ...
(Bugtraq)