Re[2]: [Dailydave] ASN.1 Vulnerability Could Allow Code Execution (828028); Microsoft Security Bulletin MS04-007

From: Halvar Flake (halvargmx.de)
Date: Wed Feb 11 2004 - 13:24:18 CST


Hey all,

N> And that's probably the same thing for the US-CERT and the
N> "Vulnerabilities Cartel" created by ISS, Foundstone, stake, ...
N> So, from this page [1], we can deduce that there are numerous guys (at
N> least one hundred?) knowing about 2 HIGH severity vulns in MS products
N> for half a year.

I personally think that anyone who looked seriously at MSASN1.DLL
could've had these vulns, and after the H323 bugs I would assume many
people took an interest and looked at it (which they didn't do
before).

But then again, is there anyone surprised at all? I think with a
piece of soft as complex as Windows, we can safely assume that at any
given point in time some group of people will have a remote for it (if
you don't want to accept this notion, take iexplore into the picture
and the prospect of client-side exploitation).

Ahwell. I personally have this weird idea that we're by far not done
with MSASN1.DLL.

Cheers,
Halvar