
RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption



On 10.Feb.2004, Marc Maiffret wrote :

> Systems Affected:
> Microsoft Windows NT 4.0 (all versions)
> Microsoft Windows 2000 (SP3 and earlier)
> Microsoft Windows XP (all versions)
> 
> Software Affected:
> Microsoft Internet Explorer
> Microsoft Outlook
> Microsoft Outlook Express
> Third-party applications that use certificates

At the risk of boring everyone with thoughts of "obsolete" technology, I
note that Win98SE systems with Internet Explorer 6 SP1 and all current fixes
contain the library MSASN1.DLL :

  location:  {system drive}\WINDOWS\SYSTEM
  version:  4.4.3388
  size:  51,984 bytes
  date: 23rd.October.2000

Since the library is apparently used by IE to process webserver SSL
certificates, can anyone comment on the likely vulnerability of Win98SE
systems to this flaw (as presented by malicious websites with suitably
crafted server certificates) ?   As is noted here regularly, there are a lot
of Win98 systems still out there.

The file versions for MSASN1.DLL listed in
http://www.microsoft.com/technet/security/bulletin/MS04-007.asp are all of
the form 5.m.nnnn.x, so it may be that the Win98 version is so much older
that it doesn't contain the vulnerable code ...

Nick Boyce
EDS, Bristol, UK