sure] EEYE: Microsoft ASN.1 Library Bit String Heap Corruption
>>Sure am glad you put that notice in there, here I was getting all hot
and bothered that you were giving people a road map to the exploit.
Here I was wondering why a security vendor would be increasing the risk
model by releasi
Please, enough of the stupidity over your definition of full-disclosure over
someone else's version of full-disclosure.
Every 2 months we have to endure another idiot that spouts bullshit over how
security firms are being "unethical" with helping release information about
security bugs.
Shut u
I for one am very grateful for the fact that eEye releases technical
information on the flaw. I think it helps us ALL to know the technical
information so WE as security and IT professionals have a better idea
of what the real risk is.
I'm sorry but Microsoft Knowledge Base KB828028 tells me noth
>>Resolution of vulnerabilities is not the same thing as technical detail
_disclosure_ of details about the vulnerability.<<
Ok they are not the same but it is the _details_ that are important, we
aren't talking about point and click PoC code, we are talking about details
of the flaw. This is a lib
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
bothered that you were giving people a road map to the exploit.
>
>Here I was wondering why a security vendor would be increasing the
>risk model
Increasing the "risk model" by giving people more information? Are you
kidding? Are you lost? On the w
Geo. wrote:
Sure am glad you put that notice in there, here I was getting all hot
and bothered that you were giving people a road map to the exploit.
Here I was wondering why a security vendor would be increasing the risk
model by releasing details which will save the "bad guys" weeks of
re
>>Sure am glad you put that notice in there, here I was getting all hot
and bothered that you were giving people a road map to the exploit.
Here I was wondering why a security vendor would be increasing the risk
model by releasing details which will save the "bad guys" weeks of
research on the day
"Note: Due to the technical nature of the vulnerability described above,
this advisory may contain disassembly and/or hexadecimal byte codes.
This information is in no way related to "exploit code", "payloads", or
"shell code"."
*Phew*
Sure am glad you put that notice in there, here I was getting
Microsoft ASN.1 Library Bit String Heap Corruption
Release Date:
February 10, 2004
Date Reported:
September 25, 2003
Severity:
High (Remote Code Execution)
Systems Affected:
Microsoft Windows NT 4.0
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Description:
eEye Dig