[HACK] Microsoft ASN.1 exploit released
Roman Medina-Heigl Hernandez
roman at rs-labs.com
Fri Apr 22 13:36:59 CEST 2005
Solar Eclipse ha hecho público lo siguiente, hace un par de días:
http://www.phreedom.org/solar/exploits/msasn1-bitstring/
Es simplemente acojonante... **vaya currada**. La vulnerabilidad es de
hace 1 año aproximadamente, y se sacaron parches en su día, pero no se
publicó nada.
Resumen extraido de su web:
"Microsoft ASN.1 remote exploit
26 Mar 2004
This is an exploit for a previously undisclosed vulnerability in the bit
string decoding code in the Microsoft ASN.1 library. This vulnerability
is not related to the bit string vulnerability described in eEye
advisory AD20040210-2. Both vulnerabilities were fixed in the MS04-007
patch."
Saludos,
-Román
More information about the hacking
mailing list