Microsoft Windows ASN.1 Library buffer overflow
| win-asn1-library-bo (15039) |  High Risk |
Description:
Microsoft Windows NT, Windows 2000, Windows XP, and Windows Server 2003 are vulnerable to a buffer overflow in the Microsoft's implementation of the Abstract Syntax Notation 1 (ASN.1) Library. ASN.1 is the language used to standardize data across multiple platforms. A remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code with system privileges.
Consequences:
Gain Access
Remedy:
Apply the appropriate patch for your system, as listed in the Microsoft Security Bulletin MS04-011. See References.
Note: Microsoft originally provided a patch for this vulnerability in MS04-007, but it has been superseded by the patch released with MS04-011. See References.
References:
- Internet Security Systems Security Alert, February 11, 2004: Microsoft ASN.1 Integer Manipulation Vulnerabilities.
- Microsoft Security Bulletin MS04-007: ASN.1 Vulnerability that Could Allow Code Execution (828028).
- Microsoft Security Bulletin MS04-011: Security Update for Microsoft Windows (835732).
- Technical Cyber Security Alert TA04-041A: Multiple Vulnerabilities in Microsoft ASN.1 Library.
- UNIRAS (UK Govt CERT) ALERT - 04/04 dated 11.02.04 Time: 11:50: NISCC Assessment of Microsoft ASN.1 Library Vulnerabilities.
- UNIRAS (UK Govt CERT) Briefing Notice - 75/04 dated 14.02.04 Time: 19:50: Exploit code for Microsoft Windows ASN.1 Vulnerabilities.
- BID-13300: Microsoft Windows ASN.1 Library Bit String Processing Variant Heap Corruption Vulnerability
- BID-9633: Microsoft ASN.1 Library Length Integer Mishandling Memory Corruption Vulnerability
- BID-9635: Microsoft Windows ASN.1 Library Bit String Processing Integer Handling Vulnerability
- BID-9660: Microsoft IIS Unspecified Remote Denial Of Service Vulnerability
- BID-9743: Microsoft ASN.1 Library Multiple Stack-Based Buffer Overflow Vulnerabilities
- CVE-2003-0818: Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
- US-CERT VU#216324: Microsoft ASN.1 Library improperly decodes malformed ASN.1 length values
- US-CERT VU#583108: Microsoft ASN.1 Library improperly decodes constructed bit strings
Platforms Affected:
- Microsoft Windows 2000 SP2
- Microsoft Windows 2000 SP4
- Microsoft Windows 2000 SP3
- Microsoft Windows 2003 Server
- Microsoft Windows 2003 Server x64
- Microsoft Windows NT 4.0 SP6a Server
- Microsoft Windows NT 4.0 SP6 Terminal Server
- Microsoft Windows NT 4.0 SP6a Workstation
- Microsoft Windows XP 2003 x64
- Microsoft Windows XP 2003 SP1 x64
- Microsoft Windows XP
- Microsoft Windows XP x64
- Microsoft Windows XP SP1
- Microsoft Windows XP SP1 x64
Reported:
Feb 10, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net