[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption

To: Les Ault <aultl@comcast.net>
Subject: Re: [Full-Disclosure] EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
From: "J. Theriault" <administrator@maginetworks.com>
Date: Wed, 11 Feb 2004 06:49:31 +0100

Les Ault wrote:

Apparently there are 7 upcoming advisories, and the oldest one is 93 days old.

Link: http://www.eeye.com/html/Research/Upcoming/index.html


You forgot to mention that two "93days overdue" 153-days-since-reported
vulnerabilities are complete remote root for all server OSes...

I even feel sorry for their customers for this lack of service.

Actually, IIRC, I think that dawdling this long might even be illegal under German law, something I'll have to look up later...

J. Theriault
administrator@maginetworks.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- RE: [Full-Disclosure] EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
  - From: "Les Ault" <aultl@comcast.net>

Prev by Date: [Full-Disclosure] DoomJuice.B
Next by Date: RE: [Full-Disclosure] m$ posters
Previous by thread: Re: [Full-Disclosure] Microsoft credit policy (was: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption)
Next by thread: RE: [Full-Disclosure] EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
Index(es):
- Date
- Thread