Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
From: James Riden (j.riden_at_massey.ac.nz)
To: "Marc Maiffret" <firstname.lastname@example.org> Date: Wed, 11 Feb 2004 13:04:55 +1300
"Marc Maiffret" <email@example.com> writes:
> This attack can be performed through various encryption systems such as
> Kerberos and almost anything using CERTs... I am not sure about
> Microsofts wording in their advisory.
I think they use the ominous phrase "many possible vectors"; if
anything kicks off, containing it may not be anything like as easy as
blocking 135/tcp. How easy does it look to exploit it?
Regardless, this one is going to get patched ASAP here.
-- James Riden / firstname.lastname@example.org / Systems Security Engineer GPG public key available at: http://www.massey.ac.nz/~jriden/ This post does not necessarily represent the views of my employer.