Bugtraq mailing list archives

RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption


From: "Drew Copley" <dcopley () eeye com>
Date: Wed, 11 Feb 2004 14:47:14 -0800

 

-----Original Message-----
From: Rainer Gerhards [mailto:rgerhards () hq adiscon com] 
Sent: Wednesday, February 11, 2004 1:11 AM
To: Tina Bird
Cc: BUGTRAQ () securityfocus com
Subject: RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption

<snip>

But I think the bottom line of all this is if a box is listening to 135,
139 OR 445, it is vulnerable. And workstations by default listen to
these ports.

If you use Outlook, you are vulnerable.

If you use Internet Explorer, you are vulnerable.

If you use Outlook Express, you are vulnerable.

"Software Affected:
Microsoft Internet Explorer
Microsoft Outlook
Microsoft Outlook Express
Third-party applications that use certificates"

Ref: http://www.eeye.com/html/Research/Advisories/AD20040210.html

Speaking of this bug.

We have noted, perhaps outside of the advisory, that we could send a
malformed, digitally signed email and it could be the exploit point --
further, the email would not even have to be viewed. 

That is just one potential avenue of attack.




<snip>

I am pretty sure it can.

Rainer



