This is not an unspecified remote DoS. This is related to the vulnerabilities discovered by EEYE. The reason the exploit caused a DoS is because the OpenSSL vulnerabilities and vulnerabilities discovered by EEYE overlap. They both have a length integer overflow. I actually believe that EEYE discovered their vulnerabilities right after the OpenSSL vulnerabilities came out. They ran their PoC code against IIS and discovered a DoS (just like this bid reports). Then they dug a bit deeper and now we have those multiple MS ASN.1 vulnerabilities that everybody is talking about. It was pretty much a no brainer for them. Kyle
