<<< Date Index >>>     <<< Thread Index >>>

RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption



 

> -----Original Message-----
> From: Rainer Gerhards [mailto:rgerhards@xxxxxxxxxxxxxx] 
> Sent: Wednesday, February 11, 2004 1:11 AM
> To: Tina Bird
> Cc: BUGTRAQ@xxxxxxxxxxxxxxxxx
> Subject: RE: EEYE: Microsoft ASN.1 Library Length Overflow 
> Heap Corruption
> 
<snip>

> But I think the bottom line of all this is if a box is 
> listening to 135,
> 139 OR 445, it is vulnerable. And workstations by default 
> listen to this ports.

If you use Outlook, you are vulnerable.

If you use Internet Explorer, you are vulnerable.

If you use Outlook Express, you are vulnerable.

"Software Affected:
Microsoft Internet Explorer
Microsoft Outlook
Microsoft Outlook Express
Third-party applications that use certificates"

Ref: http://www.eeye.com/html/Research/Advisories/AD20040210.html

Speaking of this bug.

We have noted, perhaps outside of the advisory, that we could send a
malformed, digitally signed email and it could be the exploit point --
further, the email would not even have to be viewed. 

That is just one potential avenue of attack.




<snip>

> I am pretty sure it can.
> 
> Rainer
> 
>