|
|
|||
| Rule General Information |
|---|
| Release Date: | 2016-12-08 | |
| Rule Name: | EXPLOIT Microsoft ASN.1 Library Integer Overflow Vulnerability -10 (CVE-2003-0818) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows | |
| Reference: | MicrosoftSecurityBulletin:MS04-007 |
|
| Solutions |
|---|
| Microsoft has released a patch MS04-007 to eliminate the vulnerability. The patch can be downloaded at http://www.microsoft.com/technet/security/bulletin/MS04-007.asp |