![]() ![]() "Trend Micro sent me a build to verify they had fixed the problem, it looks like they're no longer using ShellExecute, so it fixes the immediate problem of trivial command execution," Ormandy said. A new version of the antivirus has been released to address the remote-code execution hole, so information on the flaw is now available to all. Ormandy reported the flaws to Trend Micro last week, and as per Project Zero's policy, the software maker had 90 days to fix the issues before details of the bugs would be revealed in public. Because the password manager was so badly written, Ormandy found that a malicious script could not only execute code remotely, it could also steal all passwords stored in the browser using the flaws in Trend's software – even if they are encrypted.ĭear wtf were you thinking? This bug is completely ridiculous.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |