RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
From: Boyce, Nick (nick.boyce_at_eds.com)
Date: 02/11/04
- Previous message: gsicht gsicht: "crob ftpd Denial of Service"
- Maybe in reply to: Marc Maiffret: "EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption"
- Next in thread: Michael Shigorin: "Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption"
- Reply: Michael Shigorin: "Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption"
- Reply: Joshua Levitsky: "Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: BUGTRAQ@securityfocus.com Date: Wed, 11 Feb 2004 19:04:31 -0000
On 10.Feb.2004, Marc Maiffret wrote :
> Systems Affected:
> Microsoft Windows NT 4.0 (all versions)
> Microsoft Windows 2000 (SP3 and earlier)
> crosoft Windows XP (all versions)
>
> Software Affected:
> Microsoft Internet Explorer
> Microsoft Outlook
> Microsoft Outlook Express
> Third-party applications that use certificates
At the risk of boring everyone with thoughts of "obsolete" technology, I
note that Win98SE systems with Internet Explorer 6 SP1 and all current fixes
contain the library MSASN1.DLL :
location: {system drive}\WINDOWS\SYSTEM
version: 4.4.3388
size: 51,984 bytes
date: 23rd.October.2000
Since the library is apparently used by IE to process webserver SSL
certificates, can anyone comment on the likely vulnerability of Win98SE
systems to this flaw (as presented by malicious websites with suitably
crafted server certificates) ? As is noted here regularly, there are a lot
of Win98 systems still out there.
The file versions for MSASN1.DLL listed in
http://www.microsoft.com/technet/security/bulletin/MS04-007.asp are all of
the form 5.m.nnnn.x, so it may be that the Win98 version is so much older
that it doesn't contain the vulnerable code ...
Nick Boyce
EDS, Bristol, UK
- Previous message: gsicht gsicht: "crob ftpd Denial of Service"
- Maybe in reply to: Marc Maiffret: "EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption"
- Next in thread: Michael Shigorin: "Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption"
- Reply: Michael Shigorin: "Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption"
- Reply: Joshua Levitsky: "Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
