Microsoft Windows ASN.1 library contains a memory management vulnerability

Overview

Microsoft’s ASN.1 library contains a memory management error that could be exploited by a remote attacker to cause a denial-of-service situation, or execute arbitrary code.

Description

Microsoft’s ASN.1 library contains a memory management error, potentially a “double-free” condition. By sending a crafted request, an attacker may be able to exploit this vulnerability to corrupt memory or execute arbitrary code. This vulnerability affects the following systems:

* Windows XP
* Windows Server 2003
* Windows NT 4.0
* Windows 2000
* Windows 98, 98 SE, ME   

---

Impact

Exploitation of this vulnerability may lead to a denial-of-service condition, or the ability to execute arbitrary code.

---

Solution

Apply a patch from the vendor

Microsoft Security Bulletin MS04-011 contains patch information to resolve this issue.

---

Vendor Information

255924

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Microsoft Corporation __ Affected

Updated: April 14, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Microsoft Security Bulletin MS04-011 contains information regarding this issue.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23255924 Feedback>).

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

<http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx&gt;

Acknowledgements

Thanks to Microsoft for reporting this vulnerability.

This document was written by Jason A Rafail.

Other Information

CVE IDs:	CVE-2004-0123
Severity Metric:	48.55 Date Public: