[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption

To: Philippe <philippe.letrait@laposte.net>
Subject: Re: [Full-Disclosure] EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
From: jeremy@austin.ibm.com
Date: Wed, 11 Feb 2004 09:41:28 -0600

Quoting Philippe (philippe.letrait@laposte.net):
> Note that nessus or retina should (not tested) detect remotely that flaw.
> 
> See nessus pluging source for exploit ;-):
> - http://cgi.nessus.org/plugins/dump.php3?id=12052
 
I just checked the nessus plugin.  It's just checking for registry
entries.  There's nothing like a mad l33t registry key reader exploit.

jeremy

-- 
Jeremy Kelley  <jeremy@austin.ibm.com>      Threat Assessment Analyst
  jeremy's opinions are definitely not ibm policy, 
  if so, he'd have a waaay nicer office.   :)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- [Full-Disclosure] (kind of off topic) this book has been writen. is Mitnick a monkey or what?
  - From: adam@huntrecruiting.com

References:
- Re: [Full-Disclosure] EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
  - From: Philippe <philippe.letrait@laposte.net>

Prev by Date: RE: [Full-Disclosure] EEYE: Microsoft ASN.1 Library Bit String Heap Corruption
Next by Date: Re: [Full-Disclosure] How much longer?
Previous by thread: Re: [Full-Disclosure] EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
Next by thread: [Full-Disclosure] (kind of off topic) this book has been writen. is Mitnick a monkey or what?
Index(es):
- Date
- Thread