Bugtraq mailing list archives
RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
From: "Boyce, Nick" <nick.boyce () eds com>
Date: Wed, 11 Feb 2004 19:04:31 -0000
On 10.Feb.2004, Marc Maiffret wrote :
Systems Affected: Microsoft Windows NT 4.0 (all versions) Microsoft Windows 2000 (SP3 and earlier) crosoft Windows XP (all versions) Software Affected: Microsoft Internet Explorer Microsoft Outlook Microsoft Outlook Express Third-party applications that use certificates
At the risk of boring everyone with thoughts of "obsolete" technology, I
note that Win98SE systems with Internet Explorer 6 SP1 and all current fixes
contain the library MSASN1.DLL :
location: {system drive}\WINDOWS\SYSTEM
version: 4.4.3388
size: 51,984 bytes
date: 23rd.October.2000
Since the library is apparently used by IE to process webserver SSL
certificates, can anyone comment on the likely vulnerability of Win98SE
systems to this flaw (as presented by malicious websites with suitably
crafted server certificates) ? As is noted here regularly, there are a lot
of Win98 systems still out there.
The file versions for MSASN1.DLL listed in
http://www.microsoft.com/technet/security/bulletin/MS04-007.asp are all of
the form 5.m.nnnn.x, so it may be that the Win98 version is so much older
that it doesn't contain the vulnerable code ...
Nick Boyce
EDS, Bristol, UK
Current thread:
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption, (continued)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Rainer Gerhards (Feb 10)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Tina Bird (Feb 11)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Alun Jones (Feb 11)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Rainer Gerhards (Feb 11)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Steve Friedl (Feb 12)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Thor Lancelot Simon (Feb 13)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Buck Huppmann (Feb 16)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption David Wilson (Feb 16)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Sam Schinke (Feb 12)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Drew Copley (Feb 12)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Boyce, Nick (Feb 13)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Michael Shigorin (Feb 16)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Joshua Levitsky (Feb 16)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Bill Gallagher (Feb 15)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Rainer Gerhards (Feb 10)
