Bugtraq mailing list archives

Re: Symantec Fax Viewer Control v10 (DCCFAXVW.DLL) remote buffer overflow exploit


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 01 May 2009 11:45:50 +1200

Symantec Product Security Team <secure () symantec com> wrote:

> Symantec discontinued sales and support for Winfax Pro in early 2006.
> As such, there will be no further updates to the product.
>
> Anyone running a legacy version of this product and concerned about
> this issue may want to follow the procedures outlined in MSKB 240797
> http://support.microsoft.com/kb/240797 to set the killbit for this
> control to prevent it from being called.

As you're effectively saying you've abandoned the product, might not 
the best course of action be for you to ask MS to add that to its Patch 
Tuesday third-party killbit list so it is done for those who don't know 
better?  That is, those who need the most help?

That's what I'd consider the reasonable thing to do, _particularly_ for 
a security product developer.  Hopefully MS can get it into the next 
patch kit (probably unlikely now?) before someone takes the published 
PoC and adds it to one or more of the various web exploitation kits out 
there...


Regards,

Nick FitzGerald
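
The kill-bit procedure from MSKB 240797 referred to in the thread, as an added PowerShell example that is not part of either message: it checks for and sets the 0x400 "Compatibility Flags" value for one control. The CLSID is an all-zero placeholder because the thread does not give the control's CLSID, and the function names are illustrative.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# The page does not give the control's CLSID; this all-zero value is a placeholder.
$Clsid   = '{00000000-0000-0000-0000-000000000000}'
$KillBit = 0x400   # kill bit in the "Compatibility Flags" DWORD (MSKB 240797)
$Name    = 'Compatibility Flags'

# Native view plus the 32-bit view used by 32-bit Internet Explorer on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-CompatFlags([string]$Key) {
    # Returns 0 when the key or the value does not exist.
    $p = Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 0 }
    return [int]$p.$Name
}

function Set-KillBit([string]$Key) {
    if (-not (Test-Path -LiteralPath $Key)) { New-Item -Path $Key -Force | Out-Null }
    # OR the bit in so any other compatibility flags already present are preserved.
    $new = (Get-CompatFlags $Key) -bor $KillBit
    New-ItemProperty -LiteralPath $Key -Name $Name -Value $new -PropertyType DWord -Force | Out-Null
}

foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }   # e.g. no Wow6432Node on 32-bit Windows
    $key = "$root\$Clsid"
    if (((Get-CompatFlags $key) -band $KillBit) -eq 0) { Set-KillBit $key }
    # Re-read the value so the report reflects what is actually in the registry.
    $state = if (((Get-CompatFlags $key) -band $KillBit) -ne 0) { 'set' } else { 'NOT set' }
    "{0}: kill bit {1}" -f $key, $state
}
```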


