Skip to main content

Yet Another Critical Microsoft Vulnerability

Article Reads:16655

Here we go again, the jolly guys at eEye have discovered a critical vulnerability affecting Windows 2000/XP/2003. There is a buffer overflow in Microsoft's ASN.1 library (MSASN1.DLL) that would allow an attacker to run code of his choice on the victim machine. As an interesting note, Microsoft have been sitting on this flaw since July 25th 2003 ! Here is the Microsoft bulletin. Better start patching before we see a new worm.

From the talk on bugtraq :
"If your running, Windows NT 4.0, Windows 2000, Windows XP, or Windows 2003, you are 99.9999% positive to be vulnerable, regardless of what your configuration might be. Don't try to guess if you have any of the affected protocols or applications (lets not forget third party apps using the MS ASN library), just install the patch. "


Microsoft ASN.1 Library Length Overflow Heap Corruption
Software Affected:
Microsoft Internet Explorer
Microsoft Outlook
Microsoft Outlook Express
Third-party applications that use certificates

Services Affected:
Kerberos (UDP/88)
Microsoft IIS using SSL
NTLMv2 authentication (TCP/135, 139, 445)

Your IP address:

35.173.48.18

All-in-one protection for Microsoft 365

All-in-one protection for Microsoft 365

Free NIS2 Compliance Directive Webinar

EU Network and Information Security (NIS2) Compliance Directive

FREE Hyper-V & VMware Backup

FREE Hyper-V & VMware Backup

Wi-Fi Key Generator

Generate/Crack any
WEP, WPA, WPA2 Key!

Network and Server Monitoring

Network and Server Monitoring

Follow Firewall.cx

Cisco Password Crack

Decrypt Cisco Type-7 Passwords on the fly!

Decrypt Now!

Bandwidth Monitor

Zoho Netflow Analyzer Free Download

Free PatchManager

Free PatchManager

EventLog Analyzer

ManageEngine Eventlog Analyzer

Security Podcast

Hornet-Security-The-Swarm-Podcast

Firewall Analyzer

zoho firewall analyzer