Bugtraq mailing list archives
Re: Symantec Fax Viewer Control v10 (DCCFAXVW.DLL) remote buffer overflow exploit
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 01 May 2009 11:45:50 +1200
Symantec Product Security Team <secure () symantec com> wrote:
Symantec discontinued sales and support for Winfax Pro in early 2006. As such, there will be no further updates to the product. Anyone running a legacy version of this product and concerned about this issue may want to follow the procedures outlined in MSKB 240797 http://support.microsoft.com/kb/240797 to set the killbit for this control to prevent it from being called.
As you're effectively saying you've abandoned the product, might not the best course of action be for you to ask MS to add that to its Patch Tuesday third-party killbit list so it is done for those who don't know better? That is, those who need the most help? That's what I'd consider the reasonable thing to do, _particularly_ for a security product developer. Hopefully MS can get it into the next patch kit (probably unlikely now?) before someone takes the published PoC and adds it to one or more of the various web exploitation kits out there...

Regards,
Nick FitzGerald