Wednesday, November 16, 2005

Sony XCP uninstaller opens a new security hole!

The first version of the uninstall software that Sony has delivered opens yet another security hole according to a Princeton researcher -

Due to a serious design flaw, the CodeSupport component allows any web site you visit to download and run software on your computer. A malicious web site author can write an evil program, package up that program appropriately, put the packaged code at some URL, and then write a web page that causes CodeSupport to download and run code from that URL.


Read more here Update: Sony Uninstaller Hole Stays Open

No comments: