Re: Symantec ActiveX control buffer overflow

[Cesar <cesarc56 () yahoo com>]

I didn't post it to bugtraq, anyways they would hide
the advisory until a fix were ready, this is a common
practice in some SecurityFocus mailing lists.
I won't post anymore advisories to SecurityFocus
mailing lists, they use to not aprove my posts so f*ck
them. One time they ask me to give them some bug
details and post it to bugtraq and i didn't accept,
then when i wanted to post the bug advisory they
didn't aprove my post. Also SecurityFocus is a
Symantec company and Symantec is member of oisafety
group so in future bugtraq will be full of old news if
Symantec will lead by example about the 30-day grace
period and all that ... It took me 1 minute to find
the bug, i wonder if Symatec is a security company
they should be more serious, shouldn't they?.


Cesar.

--- Georgi Guninski <guninski () guninski com> wrote:
> Cesar wrote:
> > Vendor Status :
> >
> > I really sorry Symantec i forgot about the 30-day
> > grace period (see  "Security Vulnerability
> Reporting 
> > and Response Process",
> > http://www.oisafety.org/process.html), also i
> forgot
> > to report it :)
> > This is really funny Symantec try to protect users
> and
> > they intruduce dangerous ActiveX controls in users
> > computers. I think that maybe this control should
> be
> > inroduced in Norton virus list :). I wonder if
> this
> > advisory will be on Security Focus news or
> > vulnerability database.
>
> Did you post this to bugtraq, can't see it there?
>
> There is funny self promoting msg on bugtraq from
> symantec regarding this bug.
>
> georgi


__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html