Re: [Full-disclosure] Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability
- From: Michael Strutton <strutton@xxxxxxxxxxxxxxxxxx>
- Date: Fri, 26 Jan 2007 16:48:38 -0500
-------- Original Message --------
Subject: [Full-disclosure] Earthlink TotalAccess ActiveX Unsafe
Methods Vulnerability
Date: Fri, 26 Jan 2007 02:23:51 +0800
From: Ethan Hunt <m34r@xxxxxxxxxxxxxx>
To: full-disclosure@xxxxxxxxxxxxxxxxx
Title:
-------------------
Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability
A number of teams at EarthLink have reviewed both this claim and our
code. We have concluded that this exploit does not exist. While we
can not go into the details of our proprietary code, we can confirm
validation methods are in place that would prevent an outsider from
gaining access to the spamBlocker whitelist via these APIs.
Thanks,
Michael Strutton
Director Product Management, Client Software
EarthLink
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/