3902 : Microsoft Windows ASN.1 Library Integer Overflow
Printer | http://osvdb.org/3902 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
15	2254	over 9 years ago	5 days ago	12 times	100%

Timeline

Disclosure Date
2004-02-10

Time to Patch
138 days

Description

A vulnerability exists in the ASN.1 protocol library used by the Windows operating system. This flaw allows a hostile BITSTRING ASN.1 sequence to overwrite sections of heap memory remotely through any service which parses ASN.1 data. Examples of affected services include NetBIOS, SMB, IPSEC, Kerberos, SSL, and IIS. With a specially crafted request, an attacker can execute code with the privileges of the processing component, resulting in a loss of integrity.

Classification

Location: Local Access Required, Remote / Network Access
Attack Type: Authentication Management, Input Manipulation, Race Condition
Impact: Loss of Integrity
Exploit: Exploit Public, Exploit Commercial
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Microsoft has released a patch to address this vulnerability, there are currently no known workarounds.

Products

Microsoft Corporation	Windows XP	SP1
	Windows NT	4.0 SP6a
	Windows Server 2003	SP0
	Windows 2000	SP3
		SP2
		SP4
	Windows XP Professional 64-bit Edition	SP0
	Windows XP Professional 64-bit Edition	SP1

References

Secunia Advisory ID: 10759
Milw0rm: 153
Exploit Database: 153
CVE ID: 2003-0818 (see also: NVD)
Microsoft Knowledge Base Article: 252648
Metasploit ID: 3902
Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2004-02/0268.html
http://research.eeye.com/html/advisories/published/AD20040210-2.html
http://www.eeye.com/html/Research/Advisories/AD20040210-2.html [ Link is 404 ]
http://www.foundstone.com/products/sa/fs-sa-02-10-04.pdf
Generic Exploit URL: http://immunitysec.com
http://metasploit.com/projects/Framework/modules/exploits/msasn1_ms04_007_killbill.pm
Vendor Specific Solution URL: http://www.microsoft.com/downloads/details.aspx?FamilyId=0CC30297-D4AE-48E9-ACD0-1343D89CCBBA&displaylang=en
http://www.microsoft.com/downloads/details.aspx?FamilyId=191853C4-A4D2-4797-A8C6-A2E663A53698&displaylang=en
http://www.microsoft.com/downloads/details.aspx?FamilyId=383C397F-9318-4AD5-9C2C-0577118A1E68&displaylang=en
http://www.microsoft.com/downloads/details.aspx?FamilyId=3D7FFFF9-A497-42FF-90E7-283732B2E117&displaylang=en
http://www.microsoft.com/downloads/details.aspx?FamilyId=92400199-B3D5-4826-98D4-F134849F5249&displaylang=en
http://www.microsoft.com/downloads/details.aspx?FamilyId=D83B39D3-FF13-4D0B-B406-A225AED0D659&displaylang=en
http://www.microsoft.com/downloads/details.aspx?FamilyId=FA280168-66E1-4B5F-958F-E178C3F61F7C&displaylang=en
Microsoft Security Bulletin: MS04-007
Keyword: MSASN1.DLL

Tools & Filters

	12052 12054 12055 12065
Snort	12058 12905 2382 2383 2384 2385 2386 3000 3001 3002 3003 3004 3005
	ms04_007

Credit

Derek Soeder - eEye Digital Security

CVSSv2 Score

CVSSv2 Base Score = 7.5
Source: nvd.nist.gov | Generated: 2003-12-31 | Disagree?

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Timeline

Description

Classification

Solution

Products

Microsoft Corporation

Windows XP

Windows NT

Windows Server 2003

Windows 2000

Windows XP Professional 64-bit Edition

References

Tools & Filters

Credit

CVSSv2 Score

Comments