Microsoft Windows ASN.1 Library Bit String Processing Integer Handling Vulnerability

The following updated proof of concept denial of service exploit (Tested on Windows 2000 Pro SP4(fr)) has been supplied by Christophe Devine. The exploit, if successful, will trigger an exception in LSASS. If LSASS fails, the affected server will reportedly reboot after approximately 1 minute.

It has been reported that the discoverers of this vulnerability have developed a proof-of-concept exploit. This exploit is not publicly available nor believed to be circulating in the wild.


Privacy Statement
Copyright 2010, SecurityFocus