posted on Tuesday, February 10, 2004 9:29 PM
by
demiliani
Terrible!!!: Microsoft ASN.1 Library Length Overflow Heap Corruption
Really terrible... another critical vulnerability affecting Windows 2000/XP/2003 has been just announced by eEye. It is worthy to note, that it took Microsoft over 6 months to fix it. The bug affects ASN.1 library and is remotely exploitable through authentication subsystems (Kerberos, NTLMv2) and applications that make use of SSL certificates. You can see a technical description of the bug HERE.
Terrible, expecially because this bug affects a DLL (MSASN1.DLL) that is widely used by Windows security subsystems. Where is security???