Description: Integer arithmetic errors create the possibility for some friendly fellow to overflow your buffers via encrytion and authentication services(Any service that uses the ASN.1 Library) and execute code based on the privleges of the exploited service(in most cases system).

Solution: Patch from Microsoft

What's Related

Story Options

More MS Vulnerabilities | 1 comments | Create New Account

The following comments are owned by whomever posted them. This site is not responsible for what they say.

Service Privileges and unneeded services

Authored by: logikal on Friday, February 13 2004 @ 09:56 AM EST

This and other potentially exploitable vulnerabilities is
exactly why it is important to ensure that services have
the absolute minimum required permissions to anything.
Running every service as "SYSTEM" or with full access to
your entire machine means every potential exploit will
affect your entire system. Also, every service that is
open and accepting requests that you aren't using means
more possible ways to get in and do damage on a system.

[ Reply to This | # ]