Full Disclosure mailing list archives

Re: Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability

From: Michael Strutton <strutton () corp earthlink net>
Date: Fri, 26 Jan 2007 16:48:38 -0500

-------- Original Message --------
Subject: [Full-disclosure] Earthlink TotalAccess ActiveX Unsafe  
Methods Vulnerability
Date: Fri, 26 Jan 2007 02:23:51 +0800
From: Ethan Hunt <m34r () hackermail com>
To: full-disclosure () lists grok org uk

Title:
-------------------
Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability


A number of teams at EarthLink have reviewed both this claim and our  
code. We have concluded that this exploit does not exist. While we  
can not go into the details of our proprietary code, we can confirm  
validation methods are in place that would prevent an outsider from  
gaining access to the spamBlocker whitelist via these APIs.

Thanks,
Michael Strutton
Director Product Management, Client Software
EarthLink

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability Ethan Hunt (Jan 25)
- <Possible follow-ups>
- Re: Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability Michael Strutton (Jan 26)