Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption

From: cdowns <cdowns () drippingdead com>
Date: Wed, 11 Feb 2004 10:27:02 -0600
I agree, there is a problem with that because most Microsoft patches are updating a dll. So if your are not looking for both you dont have an accurate check.
I know this first hand from writing crappy Microcrap perl patch auditing tools. 

~!>D

Joao Gouveia wrote:


I can't say about Retina, but nessus only seams to check the existence
of the hotifx by looking at the registry. 
JG

On Wed, 2004-02-11 at 09:02, Philippe wrote:

Note that nessus or retina should (not tested) detect remotely that flaw.

See nessus pluging source for exploit ;-):
- http://cgi.nessus.org/plugins/dump.php3?id=12052

Or update your security scanners
- http://www.nessus.org
- http://www.eeye.com/html/Products/Retina/index.html

Hope this helps
Regards

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.htm


l


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: