CVE-2003-0818

high

Description

Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A799

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A797

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A796

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A653

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-007

http://www.us-cert.gov/cas/techalerts/TA04-041A.html

http://www.kb.cert.org/vuls/id/583108

http://www.kb.cert.org/vuls/id/216324

http://marc.info/?l=ntbugtraq&m=107650972723080&w=2

http://marc.info/?l=ntbugtraq&m=107650972617367&w=2

http://marc.info/?l=bugtraq&m=107643892224825&w=2

http://marc.info/?l=bugtraq&m=107643836125615&w=2

Details

Source: Mitre, NVD

Published: 2004-03-03

Updated: 2019-04-30

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High