|
|
BugTraq
RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Feb 11 2004 07:04PM Boyce, Nick (nick boyce eds com) (2 replies) Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Feb 13 2004 10:41PM Joshua Levitsky (jlevitsk joshie com) |
|
Privacy Statement |
> version: 4.4.3388
[snip]
> The file versions for MSASN1.DLL listed in
> http://www.microsoft.com/technet/security/bulletin/MS04-007.asp
> are all of the form 5.m.nnnn.x, so it may be that the Win98
> version is so much older that it doesn't contain the vulnerable
> code ...
If reference implementation is flawed, then "may be" seems not.
And it's reported as such.
If Microsoft were to support "legacy users", they'd put out a
public update for that; else at least considerable part of those
are left with something like zlib-related headache: buried deep
down there and unsupported thus not fixed, but you never know if
someone really needs to get in.
--
---- WBR, Michael Shigorin <mike (at) altlinux (dot) ru [email concealed]>
------ Linux.Kiev http://www.linux.kiev.ua/
[ reply ]