Bugtraq mailing list archives
Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
From: Michael Shigorin <mike () osdn org ua>
Date: Sat, 14 Feb 2004 13:13:18 +0200
On Wed, Feb 11, 2004 at 07:04:31PM -0000, Boyce, Nick wrote:
version: 4.4.3388
[snip]
The file versions for MSASN1.DLL listed in http://www.microsoft.com/technet/security/bulletin/MS04-007.asp are all of the form 5.m.nnnn.x, so it may be that the Win98 version is so much older that it doesn't contain the vulnerable code ...
If reference implementation is flawed, then "may be" seems not. And it's reported as such. If Microsoft were to support "legacy users", they'd put out a public update for that; else at least considerable part of those are left with something like zlib-related headache: buried deep down there and unsupported thus not fixed, but you never know if someone really needs to get in. -- ---- WBR, Michael Shigorin <mike () altlinux ru> ------ Linux.Kiev http://www.linux.kiev.ua/
Attachment:
_bin
Description:
Current thread:
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption, (continued)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Tina Bird (Feb 11)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Alun Jones (Feb 11)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Rainer Gerhards (Feb 11)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Steve Friedl (Feb 12)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Thor Lancelot Simon (Feb 13)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Buck Huppmann (Feb 16)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption David Wilson (Feb 16)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Sam Schinke (Feb 12)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Drew Copley (Feb 12)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Boyce, Nick (Feb 13)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Michael Shigorin (Feb 16)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Joshua Levitsky (Feb 16)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Bill Gallagher (Feb 15)