funsec mailing list archives
Re: MoAxB - A month ain't long enough for ActiveX
From: "Fergie" <fergdawg () netzero net>
Date: Thu, 3 May 2007 23:42:12 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- "Richard M. Smith" <rms () computerbytesman com> wrote:
FYI. I actually think that a year plus is needed to list all of the security and DoS bugs in ActiveX controls.
A few days ago, I reported a crash bug to the Microsoft security folks in their newly release Silverlight ActiveX control (See http://www.microsoft.com/silverlight/install.aspx). I'm not sure if the bug is exploitable or not. Delivering a secure/DoS-free ActiveX control wirtten in C/C++ on the first try appears to be an impossible task.....
Just wait until you see this headline: "Web 2.0 Kills the Internet. Film at 11:00." Just wait. :-) - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) wj8DBQFGOnNNq1pz9mNUZTMRAidBAJ44R4N00594tXWUoA4Og8H34EJWYgCeOBqD hrCYUhjBlAoKh9N58Sd91PQ= =guYj -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- MoAxB - A month ain't long enough for ActiveX Richard M. Smith (May 03)
- <Possible follow-ups>
- Re: MoAxB - A month ain't long enough for ActiveX Fergie (May 03)