Re: [Full-disclosure] Month of ActiveX Bug



Steven Adair wrote:
> However, regardless of whether it results in remote code execution, I
> don't think a DoS should necessarily be discounted as frivolous or
> irrelevant. It might not rank up there with critical or high
> vulnerabilities, but it is a vulnerability nonetheless.

The severity of a DOS is entirely context dependent. That's why
software users need to be informed about the DOS so they can decide how
critical it is in their context. A home user who rarely uses an ActiveX
.ocx may consider a DOS of that feature negligible. If that ocx
(probably not a PowerPoint viewer) is used in controlling a catalytic
cracker, then a DOS is a lot more serious.

Goetz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


