Anyone want to exploit the bug? Symantec is very happy to help attackers: http://enterprisesecurity.symantec.com/SecurityServices/content.cfm?ArticleID=682&EID=";><script>alert()</script>
Cesar. --- Jason Coombs <[EMAIL PROTECTED]> wrote: > Aloha, Symantec Security. > > Two questions: > > 1) Does this ActiveX control bear a digital > signature? If so, the problem it > causes does not go away simply because there is a > new version available from > Symantec. An attacker in possession of the bad code > with its attached digital > signature can fool a victim whose computer does not > currently have the > vulnerable code installed into trusting the ActiveX > control due to the fact > that Symantec's digital signature will validate > against the trusted root CA > certificate present by default in Windows -- the > existence of the digital ..... __________________________________ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
