This profile was last updated on 7/8/14 and contains information from public web pages and contributions from the ZoomInfo community.

Vulnerability Analyst

Phone: (412) ***-****  HQ Phone
Email: w***@***.org
CERT Coordination Center
4500 Fifth Avenue
Pittsburgh, Pennsylvania 15213
United States

Company Description: The CERT® Coordination Center (CERT/CC) is located at the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie...

Employment History

  • Researcher
    CERT Coordination Center
  • Researcher
    Carnegie Mellon Software Engineering Institute
  • Software Vulnerability Analyst
    Carnegie Mellon Software Engineering Institute
  • Vulnerability Researcher At the CERT Coordination Center
    Carnegie Mellon Software Engineering Institute
120 Total References
Web References
"This control does not internally enforce ..., 8 July 2014 [cached]
"This control does not internally enforce any restrictions on which sites may invoke its methods, such as by using the SiteLock template," said Will Dormann, a vulnerability analyst at CERT/CC, in a security advisory published Monday. "This means that any website can invoke the methods exposed by the ScriptHelper ActiveX control."
Furthermore, upon installation, ScriptHelper is automatically placed on a list of pre-approved ActiveX controls in the system registry, bypassing a security feature first introduced in Internet Explorer 7 that prompts users for confirmation before executing ActiveX controls. It's also excluded from IE's Protected Mode, a security sandbox mechanism, Dormann said.
All these conditions make it possible for an attacker to execute malicious code on the computer of a user who has a vulnerable version of AVG Secure Search installed, if the user opens a specifically crafted HTML Web page, email message or attachment in Internet Explorer. The rogue code would be executed with the privileges of the logged-in user, Dormann said.
According to Dormann, this AVG Secure Search flaw is the perfect example of how third-party programs bundled with free software -- commonly known as adware, bloatware or foistware among users -- can increase the security risks for Internet users.
The vulnerability had been reported to ..., 24 Feb 2010 [cached]
The vulnerability had been reported to Adobe by Will Dormann, a researcher at the CERT Coordinating Center, last November.
The vulnerability was initially ..., 23 July 2014 [cached]
The vulnerability was initially discovered & reported to Adobe back in December of 2012 by Will Dormann, a security researcher on Carnegie Mellon University's Computer Emergency Response Team (CERT). There wasn't much fuss then, but the vulnerability is finally getting the attention it deserves after catching the eye of Brian Krebs of KrebsonSecurity, who caught wind of it after Dormann commented on a post reviewing the adoption rate of Adobe Flash Player updates.
In his 2012 advisory, Dormann wrote that Shockwave Player (the current version) comes with Flash version 11.5.502.146, which was last updated January 2013 and contains several exploitable vulnerabilities.
Will Dormann, a Carnegie ..., 12 Feb 2013 [cached]
Will Dormann, a Carnegie Mellon researcher who wrote the Java warning for the government, said the many flaws found in Java may partly stem from some security experts spending inordinate time scrutinizing it. He also noted that Java isn't the only software he's recommended disabling. He gave similar advice in December about Adobe's Macromedia Shockwave Player, which displays certain web content.
Even with Oracle's latest patches, he said it was unlikely the government would tell people "to turn it back on."
CERT's Podcast Series: Speaker Biographies, 28 July 2011 [cached]
Will Dormann
Will Dormann has been a software vulnerability analyst with Carnegie Mellon Software Engineering Institute's CERT Coordination Center (CERT/CC) since 2004. His focus area includes web browser technologies, ActiveX, and fuzzing. Will has discovered thousands of vulnerabilities through the use of fuzzing tools and other techniques.