[funsec] Sony's Web-Based Uninstaller Opens a Big Security Hole;
Sony to Recall Discs
Richard M. Smith
rms at computerbytesman.com
Tue Nov 15 20:43:14 CST 2005
2). Don't know
From: Aditya Deshmukh [mailto:aditya.deshmukh at online.gateway.strangled.net]
Sent: Tuesday, November 15, 2005 9:27 PM
To: 'Richard M. Smith'; funsec at linuxbox.org
Subject: RE: [funsec] Sony's Web-Based Uninstaller Opens a Big Security
Hole;Sony to Recall Discs
> CodeSupport remains on your system after you leave Sony's site, and it
> is marked as safe for scripting, so any web page can ask CodeSupport
> to do things. One thing CodeSupport can be told to do is download and
> from an Internet site. Unfortunately, CodeSupport doesn't verify that
> the downloaded code actually came from Sony or First4Internet.
Does deleting codesupport from "downloaded program files" ie the actvix
cache folder solve this problem ?
Also does someone has its CLASSID so it can be added to the block list ?
Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)
More information about the funsec