Does anyone have more information about what services and
applications this security patch directly affects? From
what I've read, it's SNMP and AD - are there more?

Re: MS04-007 by Torgeir

Torgeir
Tue Feb 10 16:42:53 CST 2004

manwell wrote:

> Does anyone have more information about what services and
> applications this security patch directly affects? From
> what I've read, it's SNMP and AD - are there more?

Hi

Microsoft ASN.1 Library Length Overflow Heap Corruption
http://www.eeye.com/html/Research/Advisories/AD20040210.html

<quote>

Software Affected:
Microsoft Internet Explorer
Microsoft Outlook
Microsoft Outlook Express
Third-party applications that use certificates

Services Affected:
Kerberos (UDP/88)
Microsoft IIS using SSL
NTLMv2 authentication (TCP/135, 139, 445)


Description:

eEye Digital Security has discovered a critical vulnerability in
Microsoft's ASN.1 library (MSASN1.DLL) that would allow an attacker
to overwrite heap memory on a susceptible machine and cause the
execution of arbitrary code. Because this library is widely used by
Windows security subsystems, the vulnerability is exposed through an
array of avenues, including Kerberos, NTLMv2 authentication, and
applications that make use of certificates (SSL, digitally-signed
e-mail, signed ActiveX controls, etc.).

</quote>

--
torgeir
Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of the 1328 page
Scripting Guide: http://www.microsoft.com/technet/scriptcenter



Re: MS04-007 by Susan

Susan
Wed Feb 11 02:49:05 CST 2004

This one is deep and nasty. Put this on your testing plan for quick
action ASAP.

Torgeir Bakken (MVP) wrote:
> manwell wrote:
>
>
>>Does anyone have more information about what services and
>>applications this security patch directly affects? From
>>what I've read, it's SNMP and AD - are there more?
>
>
> Hi
>
> Microsoft ASN.1 Library Length Overflow Heap Corruption
> http://www.eeye.com/html/Research/Advisories/AD20040210.html
>
> <quote>
>
> Software Affected:
> Microsoft Internet Explorer
> Microsoft Outlook
> Microsoft Outlook Express
> Third-party applications that use certificates
>
> Services Affected:
> Kerberos (UDP/88)
> Microsoft IIS using SSL
> NTLMv2 authentication (TCP/135, 139, 445)
>
>
> Description:
>
> eEye Digital Security has discovered a critical vulnerability in
> Microsoft's ASN.1 library (MSASN1.DLL) that would allow an attacker
> to overwrite heap memory on a susceptible machine and cause the
> execution of arbitrary code. Because this library is widely used by
> Windows security subsystems, the vulnerability is exposed through an
> array of avenues, including Kerberos, NTLMv2 authentication, and
> applications that make use of certificates (SSL, digitally-signed
> e-mail, signed ActiveX controls, etc.).
>
> </quote>
>
> --
> torgeir
> Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of the 1328 page
> Scripting Guide: http://www.microsoft.com/technet/scriptcenter
>
>

--
http://www.sbslinks.com/really.htm