RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption

From: Drew Copley (dcopley_at_eeye.com)
Date: 02/11/04

    Date: Wed, 11 Feb 2004 14:47:14 -0800
    To: "Rainer Gerhards" <rgerhards@hq.adiscon.com>, "Tina Bird" <tbird@precision-guesswork.com>
    
    

     

    > -----Original Message-----
    > From: Rainer Gerhards [mailto:rgerhards@hq.adiscon.com]
    > Sent: Wednesday, February 11, 2004 1:11 AM
    > To: Tina Bird
    > Cc: BUGTRAQ@securityfocus.com
    > Subject: RE: EEYE: Microsoft ASN.1 Library Length Overflow
    > Heap Corruption
    >
    <snip>

    > But I think the bottom line of all this is if a box is
    > listening to 135,
    > 139 OR 445, it is vulnerable. And workstations by default
    > listen to these ports.

    If you use Outlook, you are vulnerable.

    If you use Internet Explorer, you are vulnerable.

    If you use Outlook Express, you are vulnerable.

    "Software Affected:
    Microsoft Internet Explorer
    Microsoft Outlook
    Microsoft Outlook Express
    Third-party applications that use certificates"

    Ref: http://www.eeye.com/html/Research/Advisories/AD20040210.html

    Speaking of this bug.

    We have noted, perhaps outside of the advisory, that we could send a
    malformed, digitally signed email and it could be the exploit point --
    further, the email would not even have to be viewed.

    That is just one potential avenue of attack.

    <snip>

    > I am pretty sure it can.
    >
    > Rainer
    >
    >

