BugTraq
RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Feb 10 2004 10:16PM
Tim Eddy (eddyt stgeorge com au) (2 replies)
Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Feb 11 2004 02:19PM
Timothy J.Miller (cerebus sackheads org) (1 replies)
Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Feb 14 2004 04:14PM
Florian Weimer (fw deneb enyo de)
Timothy J.Miller wrote:

> Is anyone else wondering why MS didn't fix this with the last round of
> ASN.1 decoding overflow vulnerabilities (remember the SNMP hole)? It's
> basically the same problem.

Not really. AFAIK, they haven't fixed an equivalent to the xdr_array()
integer overflow in the NSVC run-time library, either. (I was rather
surprised to see an HP-UX advisory on this issue a couple of weeks ago,
though.)

[ reply ]
Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Feb 11 2004 11:59AM
Peter Pentchev (roam ringlet net)


 

Privacy Statement
Copyright 2010, SecurityFocus