[33754] in bugtraq
Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
daemon@ATHENA.MIT.EDU (Joshua Levitsky)
Mon Feb 16 20:07:56 2004
Message-ID: <00af01c3f282$908177a0$6401a8c0@corp.ad.timeinc.com>
From: "Joshua Levitsky" <jlevitsk@joshie.com>
To: "Boyce, Nick" <nick.boyce@eds.com>, <BUGTRAQ@securityfocus.com>
Cc: "'Marc Maiffret'" <mmaiffret@eeye.com>
Date: Fri, 13 Feb 2004 17:41:45 -0500
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
----- Original Message -----
Sent: Wednesday, February 11, 2004 2:04 PM
Subject: RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
> At the risk of boring everyone with thoughts of "obsolete" technology, I
> note that Win98SE systems with Internet Explorer 6 SP1 and all current
fixes
> contain the library MSASN1.DLL :
>
> location: {system drive}\WINDOWS\SYSTEM
> version: 4.4.3388
> size: 51,984 bytes
> date: 23rd.October.2000
I asked my TAM this very question. Microsoft's response was "This is under
investigation by PSS security. If it is affected, per our support policy, a
patch should be issued. More to come..." So if there is a problem then
expect a patch. Remember that the Windows 98 support was extended a few
years so it no longer expired last month. I was rather pleased with
Microsoft that they were actively looking in to this, and that a patch would
come if it was needed.
--
Joshua Levitsky, MCSE, CISSP
System Engineer
Time Inc. Information Technology
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]
