[HACK] Microsoft ASN.1 exploit released

Roman Medina-Heigl Hernandez roman at rs-labs.com
Fri Apr 22 13:36:59 CEST 2005


Solar Eclipse ha hecho público lo siguiente, hace un par de días:
http://www.phreedom.org/solar/exploits/msasn1-bitstring/

Es simplemente acojonante... **vaya currada**. La vulnerabilidad es de
hace 1 año aproximadamente, y se sacaron parches en su día, pero no se
publicó nada.

Resumen extraido de su web:

"Microsoft ASN.1 remote exploit
26 Mar 2004

This is an exploit for a previously undisclosed vulnerability in the bit
string decoding code in the Microsoft ASN.1 library. This vulnerability
is not related to the bit string vulnerability described in eEye
advisory AD20040210-2. Both vulnerabilities were fixed in the MS04-007
patch."

Saludos,
-Román



More information about the hacking mailing list