funsec mailing list archives
RE: Sony's Web-Based Uninstaller Opens a Big Security Hole; Sony to Recall Discs
From: "Aditya Deshmukh" <aditya.deshmukh () online gateway strangled net>
Date: Wed, 16 Nov 2005 07:56:41 +0530
CodeSupport remains on your system after you leave Sony's site, and it is marked as safe for scripting, so any web page can ask CodeSupport to do things. One thing CodeSupport can be told to do is download and install
code
from an Internet site. Unfortunately, CodeSupport doesn't verify that the downloaded code actually came from Sony or First4Internet.
Does deleting codesupport from "downloaded program files" ie the actvix cache folder solve this problem ? Also does someone has its CLASSID so it can be added to the block list ? ________________________________________________________________________ Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com) _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Sony's Web-Based Uninstaller Opens a Big Security Hole; Sony to Recall Discs Richard M. Smith (Nov 15)
- RE: Sony's Web-Based Uninstaller Opens a Big Security Hole; Sony to Recall Discs Aditya Deshmukh (Nov 15)
- RE: Sony's Web-Based Uninstaller Opens a Big Security Hole; Sony to Recall Discs Richard M. Smith (Nov 15)
- <Possible follow-ups>
- RE: Sony's Web-Based Uninstaller Opens a Big Security Hole; Sony to Recall Discs Hubbard, Dan (Nov 16)
- RE: Sony's Web-Based Uninstaller Opens a Big Security Hole; Sony to Recall Discs Matt Jonkman (Nov 16)
- RE: Sony's Web-Based Uninstaller Opens a Big Security Hole; Sony to Recall Discs Aditya Deshmukh (Nov 15)