Re: [Full-disclosure] Month of ActiveX Bug
- From: Goetz Von Berlichingen <goetzvonberlichingen@xxxxxxxxxxx>
- Date: Sun, 06 May 2007 10:02:06 -0600
Steven Adair wrote:
However, regardless of whether it results in remote code execution, I
don't think a DoS should necessarily be discounted as frivolous or
irrelevant. It might not rank up there with critical or high
vulnerabilities, but it is a vulnerability nonetheless.
The severity of a DOS is entirely context dependent. That's why
software users need to informed about the DOS so they can decide how
critical it is in their context. A home user who rarely uses an ActiveX
.ocx may consider a DOS of that feature negligible. If that ocx
(probably not a PowerPoint viewer) is used in controlling a catalytic
cracker, then a DOS is a lot more serious.
Goetz
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- References:
- Re: [Full-disclosure] Month of ActiveX Bug
- From: bugtraq
- Re: [Full-disclosure] Month of ActiveX Bug
- From: Steven Adair
- Re: [Full-disclosure] Month of ActiveX Bug
- Prev by Date: [Full-disclosure] Mini Web Shop v.2 vulnerable to XSS
- Next by Date: Re: [Full-disclosure] Vulnerabilities Hashes DB needed
- Previous by thread: Re: [Full-disclosure] Month of ActiveX Bug
- Next by thread: Re: [Full-disclosure] Month of ActiveX Bug
- Index(es):
Relevant Pages
|
