Timothy J.Miller wrote: > Is anyone else wondering why MS didn't fix this with the last round of > ASN.1 decoding overflow vulnerabilities (remember the SNMP hole)? It's > basically the same problem. Not really. AFAIK, they haven't fixed an equivalent to the xdr_array() integer overflow in the NSVC run-time library, either. (I was rather surprised to see an HP-UX advisory on this issue a couple of weeks ago, though.)
