Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption

From: James Riden (
Date: 02/11/04

  • Next message: Bender: "XFree86 vulnerability exploit"
    To: "Marc Maiffret" <>
    Date: Wed, 11 Feb 2004 13:04:55 +1300

    "Marc Maiffret" <> writes:

    > This attack can be performed through various encryption systems such as
    > Kerberos and almost anything using CERTs... I am not sure about
    > Microsofts wording in their advisory.

    I think they use the ominous phrase "many possible vectors"; if
    anything kicks off, containing it may not be anything like as easy as
    blocking 135/tcp. How easy does it look to exploit it?

    Regardless, this one is going to get patched ASAP here.

    James Riden / / Systems Security Engineer
    GPG public key available at:
    This post does not necessarily represent the views of my employer.

  • Next message: Bender: "XFree86 vulnerability exploit"

    Relevant Pages