Re[2]: Kaspersky AntiVirus Window Caption GUI Bypass Vulnerability

From: 3APA3A (3APA3ASECURITY.NNOV.RU)
Date: Wed Oct 06 2004 - 06:17:58 CDT


Dear Simon,

--Tuesday, October 5, 2004, 11:03:16 PM, you wrote to miguel.dilajpharma.novartis.com:

>>
S> Looks like a usability versus security issue, where usability takes
S> priority.

In this very case the issue is too serious (by accessing password-protected
functions in Kaspersky Antivirus a user can schedule his own task to run
with LocalSystem privileges). This is the good old design flaw again: the
user's privileges are checked by the client component only.

--
~/ZARAZA
Shooting a second time, he crippled a bystander. The bystander was me. (Twain)
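
The design flaw named in the message above (privileges checked by the client component only), shown as an added example that is not part of the original post and does not model Kaspersky's actual code. `SchedulerService`, `GuiClient` and the password are hypothetical, constructed names; the service stands in for a component running as LocalSystem.

```python
import hashlib
import hmac
import os

# Constructed model, not Kaspersky's code: a service that runs tasks with
# high privileges, and a GUI client that asks it to schedule them.

class SchedulerService:
    """Hypothetical privileged component (stands in for a LocalSystem service)."""

    def __init__(self, admin_password: str):
        self._salt = os.urandom(16)
        self._hash = self._derive(admin_password)
        self.tasks = []

    def _derive(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    # Flawed design: the service assumes the GUI already asked for the password.
    def schedule_unchecked(self, command: str) -> bool:
        self.tasks.append(command)
        return True

    # Corrected design: the privileged side verifies the credential itself.
    def schedule_checked(self, command: str, password: str) -> bool:
        if not hmac.compare_digest(self._derive(password), self._hash):
            return False
        self.tasks.append(command)
        return True


class GuiClient:
    """Hypothetical unprivileged front end; its password dialog is the only gate."""

    def __init__(self, service: SchedulerService, unlocked: bool = False):
        self.service = service
        self.unlocked = unlocked  # client-side state, under the user's control

    def schedule(self, command: str) -> bool:
        if not self.unlocked:  # the check lives only in the client
            return False
        return self.service.schedule_unchecked(command)


def demo():
    svc = SchedulerService("constructed-admin-password")
    via_gui = GuiClient(svc).schedule("task.exe")          # blocked by the dialog
    direct = svc.schedule_unchecked("task.exe")            # caller that skips the GUI is accepted
    hardened = svc.schedule_checked("task.exe", "wrong")   # refused by the service itself
    return via_gui, direct, hardened
```

The mitigation is the `schedule_checked` shape: the component that holds the privilege authenticates every request, so the GUI's locked state is a convenience rather than the access control.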