Full Disclosure mailing list archives

RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption

From: Scott Taylor <scott%BerthoudWireless.net () berthoudwireless net>
Date: Tue, 10 Feb 2004 22:14:07 -0700

Wow, you pay about as much attention as microsoft does. That 93 is "days
overdue", 153 days after it was reported to that cluster of
incompetents. It really should read about 150 days overdue, someone
apparently felt it was reasonable to take 2 months to release a patch?

Besides, thats just the stuff that eeye notified them of, and doesn't
take into account reports from everyone else they pretend isn't a
problem until it makes headlines on CNN.

On Tue, 2004-02-10 at 21:14, Les Ault wrote:

Apparently there are 7 upcoming advisories, and the oldest one is 93
days old. 

Link: http://www.eeye.com/html/Research/Upcoming/index.html

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Richard M.
Smith
Sent: Tuesday, February 10, 2004 9:41 PM
To: full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] EEYE: Microsoft ASN.1 Library Length
Overflow Heap Corruption

Hi Marc, 

   >>> Date Reported: July 25, 2003

Given that it took Microsoft almost 6 months to fix this problem, I'm
wondering how many other Eeye security holes are in the queue that
Microsoft
is currently working on.  Enquiring minds would like to know! ;-)

Richard

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

--
Scott Taylor - <scott () BerthoudWireless net> 

"Nature abhors a Vacuum"

  -- Brian Behlendorf on OSS (Open Sources, 1999 O'Reilly and Associates)

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Marc Maiffret (Feb 10)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Papp Geza (Feb 10)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Richard M. Smith (Feb 10)
  - RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Byron Copeland (Feb 10)
  - RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Les Ault (Feb 10)
    - RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Byron Copeland (Feb 10)
    - Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Benjamin Meade (Feb 10)
    - Microsoft credit policy (was: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption) Spiro Trikaliotis (Feb 11)
    - Re: Microsoft credit policy (was: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption) CHS (Feb 11)
    - Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption J. Theriault (Feb 10)
    - RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Scott Taylor (Feb 11)
    - Re: EEYE: Microsoft ASN.1 Library LengthOverflow Heap Corruption Tim Kowalsky (Feb 11)
  - Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Damian Gerow (Feb 10)
- <Possible follow-ups>
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption http-equiv () excite com (Feb 10)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Philippe (Feb 11)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Philippe (Feb 11)
  - Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Joao Gouveia (Feb 11)
    - Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption cdowns (Feb 11)
  - Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption jeremy (Feb 11)
    - (kind of off topic) this book has been writen. is Mitnick a monkey or what? adam (Feb 11)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption webheadport80 (Feb 11)