Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption

From: James Riden (j.riden_at_massey.ac.nz)
Date: 02/11/04

  • Next message: Bender: "XFree86 vulnerability exploit"
    To: "Marc Maiffret" <mmaiffret@eeye.com>
    Date: Wed, 11 Feb 2004 13:04:55 +1300
    
    

    "Marc Maiffret" <mmaiffret@eeye.com> writes:

    > This attack can be performed through various encryption systems such as
    > Kerberos and almost anything using CERTs... I am not sure about
    > Microsofts wording in their advisory.

    I think they use the ominous phrase "many possible vectors"; if
    anything kicks off, containing it may not be anything like as easy as
    blocking 135/tcp. How easy does it look to exploit it?

    Regardless, this one is going to get patched ASAP here.

    -- 
    James Riden / j.riden@massey.ac.nz / Systems Security Engineer
    GPG public key available at: http://www.massey.ac.nz/~jriden/
    This post does not necessarily represent the views of my employer.
    

  • Next message: Bender: "XFree86 vulnerability exploit"

    Relevant Pages