Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0818

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0818
Last Modified 07 Mar 2011 09:13:07
Published 03 Mar 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0818

Summary

Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server Enterprise

  • Microsoft Windows 2003 Server Enterprise 64-bit

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows 2003 Server Standard

  • Microsoft Windows 2003 Server Web

  • Microsoft Windows Nt 4.0

  • Microsoft Windows Xp


References

CERT - TA04-041A

CERT-VN - VU#583108

CERT-VN - VU#216324

MS - MS04-007

NTBUGTRAQ - 20040210 EEYE: Microsoft ASN.1 Library Bit String Heap Corruption

NTBUGTRAQ - 20040210 EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption


Last Updated: 27 May 2016 10:38:04