11 matches found
Microsoft ASN.1 Library Bitstring Heap Overflow
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Microsoft...
MS04-007 Microsoft ASN.1 Library Bitstring Heap Overflow
This is an exploit for a previously undisclosed vulnerability in the bit string decoding code in the Microsoft ASN.1 library. This vulnerability is not related to the bit string vulnerability described in eEye advisory AD20040210-2. Both vulnerabilities were fixed in the MS04-007 patch. Windows...
Microsoft Windows ASN.1 library contains a memory management vulnerability
Overview Microsoft's ASN.1 library contains a memory management error that could be exploited by a remote attacker to cause a denial-of-service situation, or execute arbitrary code. Description Microsoft's ASN.1 library contains a memory management error, potentially a "double-free" condition. By...
Microsoft ASN.1 Library Double Free Memory Corruption Vulnerability
Description It has been reported that Microsoft ASN.1 library is prone to a double free heap memory corruption vulnerability that may allow a remote attacker to execute arbitrary code on a vulnerable system. Exploitation of this issue is likely to cause a denial of service condition due to the...
CVE-2003-0818
Multiple integer overflows in Microsoft ASN.1 library MSASN1.DLL, as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with 1 very large length fields that cause...
Microsoft ASN.1 Library Multiple Stack-Based Buffer Overflow Vulnerabilities
Description It has been reported that Microsoft ASN.1 library may be prone to multiple stack-based buffer overflow vulnerabilities that could allow an attacker to execute arbitrary code leading to unauthorized access to a vulnerable system. The issues have been identified in ASN1BERDecDouble and...
CVE-2003-0818
Multiple integer overflows in Microsoft ASN.1 library MSASN1.DLL, as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with 1 very large length fields that cause...
CVE-2003-0818
CVE-2003-0818 covers a heap-based overflow in the Microsoft ASN.1 library (MSASN1.DLL) used by Windows components (LSASS.EXE, CRYPT32.DLL) on Windows NT 4.0/2000/XP. The vulnerability affects BER decoding of ASN.1 data, with two vectors: (1) very large length fields overwriting heap data, and (2)...
EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
Microsoft ASN.1 Library Length Overflow Heap Corruption Release Date: February 10, 2004 Date Reported: July 25, 2003 Severity: High Remote Code Execution Systems Affected: Microsoft Windows NT 4.0 all versions Microsoft Windows 2000 SP3 and earlier Microsoft Windows XP all versions Software...
Microsoft ASN.1 Library Length Integer Mishandling Memory Corruption Vulnerability
Description A vulnerability has been reported in the Microsoft ASN.1 library. This issue is related to insufficient checking of data supplied via an externally supplied length field in ASN.1 BER encoded data. This could result in an excessive value being used in a heap allocation routine, allowin...
Microsoft ASN.1 Library improperly decodes malformed ASN.1 length values
Overview The Microsoft ASN.1 Library improperly decodes malformed ASN.1 length values which could allow an unauthenticated, remote attacker to execute arbitrary code with SYSTEM privileges. Description Abstract Syntax Notation number One ASN.1 is an international standard used to describe and...