PT-2004-1167 · Microsoft · Windows Nt 4.0+3

Derek Soeder

Published

2004-02-11

Updated

2019-04-30

CVE-2003-0818

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Windows NT 4.0 Windows 2000 Windows XP

Description The issue is related to multiple integer overflows in the Microsoft ASN.1 library, which can be exploited by remote attackers to execute arbitrary code. This is achieved through ASN.1 BER encodings with very large length fields, causing arbitrary heap data to be overwritten, or through modified bit strings.

Recommendations For Windows NT 4.0, apply the necessary patch to fix the integer overflows in the Microsoft ASN.1 library. For Windows 2000, apply the necessary patch to fix the integer overflows in the Microsoft ASN.1 library. For Windows XP, apply the necessary patch to fix the integer overflows in the Microsoft ASN.1 library.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2003-0818

Affected Products

Asn.1 Library

Windows 2000

Windows Nt 4.0

Windows Xp

PT-2004-1167 · Microsoft · Windows Nt 4.0+3

CVE-2003-0818

Related Identifiers

Affected Products

References · 17