Re: A little help??

[Inventor UCL <digiwind () hotmail com>]

In-Reply-To: <200403091916.i29JGTWk077146 () mailserver2 hushmail com>

> Using the MS ASN.1 vulnerability as an example, I have a question:
> How was Eeye able to determine which function the heap overflow existed
> in.  I have been able to trace through the msasn1.dll, but I can't figure

Probably based on the earlier ASN.1 vulnerability in OpenSSL.

> out how to find the exact function that contains the overflow.

Look up Fuzzers. Might be helpful.

inv_