Skip to main content

Yet Another Critical Microsoft Vulnerability

Article Reads:16243

Here we go again, the jolly guys at eEye have discovered a critical vulnerability affecting Windows 2000/XP/2003. There is a buffer overflow in Microsoft's ASN.1 library (MSASN1.DLL) that would allow an attacker to run code of his choice on the victim machine. As an interesting note, Microsoft have been sitting on this flaw since July 25th 2003 ! Here is the Microsoft bulletin. Better start patching before we see a new worm.

From the talk on bugtraq :
"If your running, Windows NT 4.0, Windows 2000, Windows XP, or Windows 2003, you are 99.9999% positive to be vulnerable, regardless of what your configuration might be. Don't try to guess if you have any of the affected protocols or applications (lets not forget third party apps using the MS ASN library), just install the patch. "

Microsoft ASN.1 Library Length Overflow Heap Corruption
Software Affected:
Microsoft Internet Explorer
Microsoft Outlook
Microsoft Outlook Express
Third-party applications that use certificates

Services Affected:
Kerberos (UDP/88)
Microsoft IIS using SSL
NTLMv2 authentication (TCP/135, 139, 445)

Your IP address:

Security Service Edge (SSE)

Catonetworks Security Service Edge (SSE)

FREE Hyper-V & VMware Backup

FREE Hyper-V & VMware Backup

Wi-Fi Key Generator

Generate/Crack any

Network and Server Monitoring

Network and Server Monitoring



Secure SD-WAN - SASE

Cisco Password Crack

Decrypt Cisco Type-7 Passwords on the fly!

Decrypt Now!

Bandwidth Monitor

Bandwidth Monitor

Free PatchManager

Free PatchManager

EventLog Analyzer

ManageEngine Eventlog Analyzer

Firewall Analyzer

zoho firewall analyzer