Microsoft ASN.1 Library Length Integer Mishandling Memory Corruption Vulnerability

Microsoft ASN.1 Library Length Integer Mishandling Memory Corruption Vulnerability

References:

IIS ASN.1 Bit String SPNEGO exploit (CORE Security)
Microsoft Security Bulletin MS04-007 (Microsoft)
VU#216324 - Microsoft ASN.1 Library improperly decodes malformed ASN.1 length va (CERT/CC)
ASN.1 vulnerability -is- on Win98 ("Joshua Levitsky" )
EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption ("Marc Maiffret" )

Privacy Statement
Copyright 2010, SecurityFocus