RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
> -----Original Message-----
> From: Rainer Gerhards [mailto:rgerhards@xxxxxxxxxxxxxx]
> Sent: Wednesday, February 11, 2004 1:11 AM
> To: Tina Bird
> Cc: BUGTRAQ@xxxxxxxxxxxxxxxxx
> Subject: RE: EEYE: Microsoft ASN.1 Library Length Overflow
> Heap Corruption
>
<snip>
> But I think the bottom line of all this is if a box is
> listening to 135,
> 139 OR 445, it is vulnerable. And workstations by default
> listen to this ports.
If you use Outlook, you are vulnerable.
If you use Internet Explorer, you are vulnerable.
If you use Outlook Express, you are vulnerable.
"Software Affected:
Microsoft Internet Explorer
Microsoft Outlook
Microsoft Outlook Express
Third-party applications that use certificates"
Ref: http://www.eeye.com/html/Research/Advisories/AD20040210.html
Speaking of this bug.
We have noted, perhaps outside of the advisory, that we could send a
malformed, digitally signed email and it could be the exploit point --
further, the email would not even have to be viewed.
That is just one potential avenue of attack.
<snip>
> I am pretty sure it can.
>
> Rainer
>
>