Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
From: James Riden (j.riden_at_massey.ac.nz)
Date: 02/11/04
- Previous message: Drew Copley: "RE: Another Low Blow From Microsoft: MBSA Failure!"
- In reply to: Marc Maiffret: "RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption"
- Next in thread: Marc Maiffret: "RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Marc Maiffret" <mmaiffret@eeye.com> Date: Wed, 11 Feb 2004 13:04:55 +1300
"Marc Maiffret" <mmaiffret@eeye.com> writes:
> This attack can be performed through various encryption systems such as
> Kerberos and almost anything using CERTs... I am not sure about
> Microsofts wording in their advisory.
I think they use the ominous phrase "many possible vectors"; if
anything kicks off, containing it may not be anything like as easy as
blocking 135/tcp. How easy does it look to exploit it?
Regardless, this one is going to get patched ASAP here.
-- James Riden / j.riden@massey.ac.nz / Systems Security Engineer GPG public key available at: http://www.massey.ac.nz/~jriden/ This post does not necessarily represent the views of my employer.
- Previous message: Drew Copley: "RE: Another Low Blow From Microsoft: MBSA Failure!"
- In reply to: Marc Maiffret: "RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption"
- Next in thread: Marc Maiffret: "RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
