"Due to the nature of this vulnerability, reliable and successful remote exploitation is considered difficult." funny little men. there already a half working exploit for ASN. http://linuxfromscratch.org/~devine/MS04-007-dos.c -----Original Message----- From: X-Force [mailto:xforce@iss.net] Sent: Wednesday, February 11, 2004 9:55 AM To: bugtraq@securityfocus.com Subject: ISS Security Brief: Microsoft ASN.1 Integer Manipulation Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Brief February 11, 2004 Microsoft ASN.1 Integer Manipulation Vulnerabilities Synopsis: Microsoft has release Security Bulletin MS04-007 to address vulnerabilities in the ASN.1 parsing component of the Windows Operating Systems. This component is used by several applications for transmission of data across the network. Some examples of applications which make use of ASN.1 include Internet Explorer and IIS for certificate parsing, NTLMv2 authentication, Kerberos authentication, ISAKMP, LDAP and Exchange. Impact: The vulnerability could be exploited by remote attackers to cause a Denial of Service (DoS) or potentially gain access to a vulnerable machine with the privileges of the services being exploited. This vulnerability may be exploited in many default configurations if vulnerable services are remotely accessible. There are currently no known exploits in the wild for this issue. Due to the nature of this vulnerability, reliable and successful remote exploitation is considered difficult Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Promote security and make money with the Hushmail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427
