Bugtraq mailing list archives
RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
From: "Drew Copley" <dcopley () eeye com>
Date: Wed, 11 Feb 2004 14:47:14 -0800
-----Original Message----- From: Rainer Gerhards [mailto:rgerhards () hq adiscon com] Sent: Wednesday, February 11, 2004 1:11 AM To: Tina Bird Cc: BUGTRAQ () securityfocus com Subject: RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
<snip>
But I think the bottom line of all this is if a box is listening to 135, 139 OR 445, it is vulnerable. And workstations by default listen to this ports.
If you use Outlook, you are vulnerable. If you use Internet Explorer, you are vulnerable. If you use Outlook Express, you are vulnerable. "Software Affected: Microsoft Internet Explorer Microsoft Outlook Microsoft Outlook Express Third-party applications that use certificates" Ref: http://www.eeye.com/html/Research/Advisories/AD20040210.html Speaking of this bug. We have noted, perhaps outside of the advisory, that we could send a malformed, digitally signed email and it could be the exploit point -- further, the email would not even have to be viewed. That is just one potential avenue of attack. <snip>
I am pretty sure it can. Rainer
Current thread:
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption, (continued)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Florian Weimer (Feb 16)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Rainer Gerhards (Feb 10)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Tina Bird (Feb 11)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Alun Jones (Feb 11)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Rainer Gerhards (Feb 11)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Steve Friedl (Feb 12)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Thor Lancelot Simon (Feb 13)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Buck Huppmann (Feb 16)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption David Wilson (Feb 16)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Sam Schinke (Feb 12)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Drew Copley (Feb 12)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Boyce, Nick (Feb 13)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Michael Shigorin (Feb 16)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Joshua Levitsky (Feb 16)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Bill Gallagher (Feb 15)