Microsoft Windows ASN.1 Double Free Code Execution

2004-04-13T17:50:33
ID OSVDB:5261
Type osvdb
Reporter OSVDB
Modified 2004-04-13T17:50:33

Description

Vulnerability Description

Microsoft's ASN.1 implementation contains a flaw that may allow a malicious user to cause denial-of-service conditions or possibly execute arbitrary code. The issue is triggered when a specially crafted authentication request is sent to the ASN.1 parser, causing it to free memory that has already been freed. It is possible that the flaw may allow memory corruption, denial of service, or the execution of arbitrary code, resulting in a loss of confidentiality, integrity, and/or availability.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

Microsoft's ASN.1 implementation contains a flaw that may allow a malicious user to cause denial-of-service conditions or possibly execute arbitrary code. The issue is triggered when a specially crafted authentication request is sent to the ASN.1 parser, causing it to free memory that has already been freed. It is possible that the flaw may allow memory corruption, denial of service, or the execution of arbitrary code, resulting in a loss of confidentiality, integrity, and/or availability.

References:

Vendor URL: http://www.microsoft.com/ US-CERT Cyber Security Alert: TA04-104A Secunia Advisory ID:11064 Related OSVDB ID: 5251 Related OSVDB ID: 5254 Related OSVDB ID: 5255 Related OSVDB ID: 5256 Related OSVDB ID: 5260 Related OSVDB ID: 5249 Related OSVDB ID: 5257 Related OSVDB ID: 5248 Related OSVDB ID: 5250 Related OSVDB ID: 5252 Related OSVDB ID: 5253 Related OSVDB ID: 5258 Related OSVDB ID: 5259 Nessus Plugin ID:12209 Microsoft Security Bulletin: MS04-011 Microsoft Knowledge Base Article: 835732 ISS X-Force ID: 15713 CVE-2004-0123 CIAC Advisory: o-114 CERT VU: 255924 Bugtraq ID: 10118