CVE-2005-1935

Name of the Vulnerable Software and Affected Versions Microsoft ASN.1 library (MSASN1.DLL) (affected versions not specified)

Description The issue is related to a heap-based buffer overflow in the BERDecBitString function, allowing remote attackers to execute arbitrary code via nested constructed bit strings. This can lead to the function overwriting previously freed memory. The issue can be demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.