> -----Original Message-----
> From: Rainer Gerhards [mailto:rgerhards (at) hq.adiscon (dot) com]
> Sent: Wednesday, February 11, 2004 1:11 AM
> To: Tina Bird
> Cc: BUGTRAQ (at) securityfocus (dot) com
> Subject: RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
>
<snip>
> But I think the bottom line of all this is if a box is listening to 135,
> 139 OR 445, it is vulnerable. And workstations by default listen to
> these ports.
If you use Outlook, you are vulnerable.
If you use Internet Explorer, you are vulnerable.
If you use Outlook Express, you are vulnerable.
"Software Affected:
Microsoft Internet Explorer
Microsoft Outlook
Microsoft Outlook Express
Third-party applications that use certificates"
Ref: http://www.eeye.com/html/Research/Advisories/AD20040210.html
Speaking of this bug.
We have noted, perhaps outside of the advisory, that we could send a
malformed, digitally signed email and it could be the exploit point --
further, the email would not even have to be viewed.
That is just one potential avenue of attack.
<snip>
> I am pretty sure it can.
>
> Rainer
>
>