lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 13 Feb 2004 17:41:45 -0500
From: "Joshua Levitsky" <jlevitsk@...hie.com>
To: "Boyce, Nick" <nick.boyce@....com>, <BUGTRAQ@...urityfocus.com>
Cc: "'Marc Maiffret'" <mmaiffret@...e.com>
Subject: Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption


----- Original Message ----- 
Sent: Wednesday, February 11, 2004 2:04 PM
Subject: RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption

> At the risk of boring everyone with thoughts of "obsolete" technology, I
> note that Win98SE systems with Internet Explorer 6 SP1 and all current
fixes
> contain the library MSASN1.DLL :
>
>   location:  {system drive}\WINDOWS\SYSTEM
>   version:  4.4.3388
>   size:  51,984 bytes
>   date: 23rd.October.2000

I asked my TAM this very question. Microsoft's response was "This is under
investigation by PSS security. If it is affected, per our support policy, a
patch should be issued. More to come..."  So if there is a problem then
expect a patch. Remember that the Windows 98 support was extended a few
years so it no longer expired last month. I was rather pleased with
Microsoft that they were actively looking in to this, and that a patch would
come if it was needed.

--
Joshua Levitsky, MCSE, CISSP
System Engineer
Time Inc. Information Technology
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]



Powered by blists - more mailing lists