Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.

The remote Windows host has an ASN.1 library with multiple integer overflow vulnerabilities.  These issues could lead to a heap-based buffer overflow.  A remote attacker could exploit these issues to execute arbitrary code.

This particular check sent a malformed SMTP authorization packet and determined that the remote host is not patched.

The remote Windows host has an ASN.1 library with a vulnerability that could allow an attacker to execute arbitrary code on this host.

To exploit this flaw, an attacker would need to send a specially crafted ASN.1 encoded packet with improperly advertised lengths.

This particular check sent a malformed HTML authorization packet and determined that the remote host is not patched.

The remote Windows host has an ASN.1 library that could allow an attacker to execute arbitrary code on this host.

To exploit this flaw, an attacker would need to send a specially crafted ASN.1 encoded packet with improperly advertised lengths.

This particular check sent a malformed NTLM packet and determined that the remote host is not patched.

The remote Windows host has a ASN.1 library that is vulnerable to a flaw that could allow an attacker to execute arbitrary code on this host.

To exploit this flaw, an attacker would need to send a specially crafted ASN.1 encoded packet (either an IPsec session negotiation, or an HTTPS request) with improperly advertised lengths.

A public code is available to exploit this flaw.

ID	Name	Product	Family	Severity
12065	ASN.1 Multiple Integer Overflows (SMTP check)	Nessus	SMTP problems	critical
12055	MS04-007: ASN.1 Vulnerability Could Allow Code Execution (828028) (uncredentialed check) (HTTP)	Nessus	Windows	high
12054	MS04-007: ASN.1 Vulnerability Could Allow Code Execution (828028) (uncredentialed check) (NTLM)	Nessus	Windows	critical
12052	MS04-007: ASN.1 parsing vulnerability (828028)	Nessus	Windows : Microsoft Bulletins	critical

Detections

Analytics

CVE-2003-0818

high

Tenable Plugins

critical

high

critical

critical