I would like to add that Symantec has been notified by myself, and should already have been aware of an issue due to another Bugtraq post on POProxy and the potential for a DoS attack. Cheers, Nick > >From: Matt Conover <shokat_private> > >Subject: Norton Email Protection Remote Overflow (Addendum) > >X-To: bugtraqat_private > >To: BUGTRAQat_private > > > >This was going to be w00giving #11 (w00giving #10 will be posted within > >the next few days). Anyway, this allows EIP to be overwritten with 265+ > >bytes, which person who posted this vulnerability failed to mention or > >failed to notice. It's unclear if he labeled it as a DoS because he > >didn't realize it overwrote EIP or because he was unable to produce an > >exploit. We have not had a chance to write an exploit and we will also > >try to do that within the next few days. > > > >w00w00 Security Development > > > >Title: Buffer Overflow in POProxy (Norton Antivirus 2000) > >Platforms: Windows 95/98/NT/2000 > >Date: 11th December, 1999 > >Last Updated: n/a > >Vendor Notified: n/a > >Author: Nicholas Brawn <ncbat_private>
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:22:15 PDT