[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption

To: "Rainer Gerhards" <rgerhards@hq.adiscon.com>, "Tina Bird" <tbird@precision-guesswork.com>
Subject: RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
From: "Drew Copley" <dcopley@eeye.com>
Date: Wed, 11 Feb 2004 14:47:14 -0800

 

> -----Original Message-----
> From: Rainer Gerhards [mailto:rgerhards@hq.adiscon.com] 
> Sent: Wednesday, February 11, 2004 1:11 AM
> To: Tina Bird
> Cc: BUGTRAQ@securityfocus.com
> Subject: RE: EEYE: Microsoft ASN.1 Library Length Overflow 
> Heap Corruption
> 
<snip>

> But I think the bottom line of all this is if a box is 
> listening to 135,
> 139 OR 445, it is vulnerable. And workstations by default 
> listen to this ports.

If you use Outlook, you are vulnerable.

If you use Internet Explorer, you are vulnerable.

If you use Outlook Express, you are vulnerable.

"Software Affected:
Microsoft Internet Explorer
Microsoft Outlook
Microsoft Outlook Express
Third-party applications that use certificates"

Ref: http://www.eeye.com/html/Research/Advisories/AD20040210.html

Speaking of this bug.

We have noted, perhaps outside of the advisory, that we could send a
malformed, digitally signed email and it could be the exploit point --
further, the email would not even have to be viewed. 

That is just one potential avenue of attack.




<snip>

> I am pretty sure it can.
> 
> Rainer
> 
>

Prev by Date: [ GLSA 200402-03 ] Monkeyd Denial of Service vulnerability
Next by Date: Re: Apache Http Server Reveals Script Source Code to Remote Users And Any Users Can Access The Forbidden Directory ("/WEB-INF/")
Previous by thread: Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
Next by thread: Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
Index(es):
- Date
- Thread