Quantcast
Making Security Measurable OVAL - Open Vulnerability and Assessment Language OVAL Repository Forum

DEF:12514 Update

classic Classic list List threaded Threaded
2 messages Options
Josh Turpin
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

DEF:12514 Update

Josh Turpin

I’ve removed tst:41989 and tst:42227.

 

This is because we have done extensive research around this vulnerability and found that the most updated versions of IE9 and IE8 do not resolve the vulnerability issued in CVE-2011-0347. We tested this vulnerability using the downloads found here: http://lcamtuf.coredump.cx/cross_fuzz/. The vulnerabilities still exist with the most recent updates for IE8 and IE9.

 

Regards,

 

 

Josh Turpin
www.symantec.com
________________________________

 
[hidden email]
________________________________

 

wordlogo

 

This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication.

 

 

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DISCUSSION-LIST in the BODY of the message. If you have difficulties, write to [hidden email].

def-12514.xml (10K) Download Attachment
Hansbury, Matt
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: DEF:12514 Update

Hansbury, Matt
Hi Josh,

I have processed this submission and the content is now available in the OVAL Repository.

Thanks
Matt

-----Original Message-----
From: Josh Turpin [mailto:[hidden email]]
Sent: Friday, January 27, 2012 3:27 PM
To: oval-discussion-list OVAL Discussion List/Closed Public Discussi
Subject: [OVAL-DISCUSSION-LIST] DEF:12514 Update

I've removed tst:41989 and tst:42227.

 

This is because we have done extensive research around this vulnerability and found that the most updated versions of IE9 and IE8 do not resolve the vulnerability issued in CVE-2011-0347. We tested this vulnerability using the downloads found here: http://lcamtuf.coredump.cx/cross_fuzz/. The vulnerabilities still exist with the most recent updates for IE8 and IE9.

 

Regards,

 

 

Josh Turpin
www.symantec.com <http://www.symantec.com/>
________________________________

 
[hidden email]
________________________________

 

wordlogo

 

This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication.

 

 

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DISCUSSION-LIST in the BODY of the message. If you have difficulties, write to [hidden email].

To unsubscribe, send an email message to [hidden email] with
SIGNOFF OVAL-DISCUSSION-LIST
in the BODY of the message.  If you have difficulties, write to [hidden email].
Loading...
Powered by Nabble Edit this page