Microsoft announces ASN.1 Library exploit

Jeffrey Altman jaltman at columbia.edu
Tue Feb 10 16:00:29 EST 2004


Microsoft Security Bulletin MS04-007:
ASN.1 Vulnerability Could Allow Code Execution (828028)

Bulletin URL:
http://www.microsoft.com/technet/security/bulletin/MS04-007.asp

Summary:
 Version Number: V1.0
 Revision Date: 02-10-2004
 Impact of Vulnerability: Remote Code Execution
 Maximum Severity Rating: Critical

A security vulnerability exists in the Microsoft ASN.1 Library that
could allow code execution on an affected system. The vulnerability is
caused by an unchecked buffer in the Microsoft ASN.1 Library, which
could result in a buffer overflow.

An attacker who successfully exploited this buffer overflow
vulnerability could execute code with system privileges on an affected
system. The attacker could then take any action on the system, including
installing programs, viewing data, changing data, deleting data, or
creating new accounts with full privileges.

Abstract Syntax Notation 1 (ASN.1) is a data standard that is used by
many applications and devices in the technology industry for allowing
the normalization and understanding of data across various platforms.
More information about ASN.1 can be found in Microsoft Knowledge Base
Article 252648.



More information about the Kerberos mailing list