Dailydave mailing list archives
Re[2]: ASN.1 Vulnerability Could Allow Code Execution (828028); Microsoft Security Bulletin MS04-007
From: Halvar Flake <halvar () gmx de>
Date: Wed, 11 Feb 2004 20:24:18 +0100
Hey all, N> And that's probably the same thing for the US-CERT and the N> "Vulnerabilities Cartel" created by ISS, Foundstone, @stake, ... N> So, from this page [1], we can deduce that there's numerous guys (at N> least one hundred ?) knowing about 2 HIGH severity vulns in MS products N> for half a year. I personally think that anyone who looked seriously at MSASN1.DLL could've had these vulns, and after the H323 bugs I would assume many people took an interest and looked at it (which they didn't do before). But then again, is there anyone surprised at all ? I think with a piece of soft as complex as Windows, we can safely assume that at any given point in time some group of people will have a remote for it (if you don't want to accept this notion, take iexplore into the picture and the prospect of client-side exploitation). Ahwell. I personally have this weird idea that we're by far not done with MSASN1.DLL. Cheers, Halvar _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- ASN.1 Vulnerability Could Allow Code Execution (828028); Microsoft Security Bulletin MS04-007 Bradley, Terry (CONTR) (Feb 11)
- Re: ASN.1 Vulnerability Could Allow Code Execution (828028); Microsoft Security Bulletin MS04-007 Dave Aitel (Feb 11)
- Re: ASN.1 Vulnerability Could Allow Code Execution (828028); Microsoft Security Bulletin MS04-007 Nicob (Feb 11)
- Re[2]: ASN.1 Vulnerability Could Allow Code Execution (828028); Microsoft Security Bulletin MS04-007 Halvar Flake (Feb 11)
- RE: Re[2]: ASN.1 Vulnerability Could Allow Code Execution(828028); Microsoft Security Bulletin MS04-007 Brett Moore (Feb 11)
- Re[4]: ASN.1 Vulnerability Could Allow Code Execution(828028); Microsoft Security Bulletin MS04-007 Halvar Flake (Feb 12)
- RE: Re[4]: ASN.1 Vulnerability Could Allow CodeExecution(828028); Microsoft Security Bulletin MS04-007 john blumenthal (Feb 15)
- Re: ASN.1 Vulnerability Could Allow Code Execution (828028); Microsoft Security Bulletin MS04-007 Nicob (Feb 11)
- Re: Re[2]: ASN.1 Vulnerability Could Allow Code Execution(828028); Microsoft Security Bulletin MS04-007 Matt Hargett (Feb 11)
- Re: ASN.1 Vulnerability Could Allow Code Execution (828028); Microsoft Security Bulletin MS04-007 Dave Aitel (Feb 11)