Vulnerability Note VU#255924

Microsoft Windows ASN.1 library contains a memory management vulnerability

Original Release date: 14 Apr 2004 | Last revised: 14 Apr 2004

Overview

Microsoft's ASN.1 library contains a memory management error that could be exploited by a remote attacker to cause a denial-of-service situation, or execute arbitrary code.

Description

Microsoft's ASN.1 library contains a memory management error, potentially a "double-free" condition. By sending a crafted request, an attacker may be able to exploit this vulnerability to corrupt memory or execute arbitrary code. This vulnerability affects the following systems:

  • Windows XP
  • Windows Server 2003
  • Windows NT 4.0
  • Windows 2000
  • Windows 98, 98 SE, ME

Impact

Exploitation of this vulnerability may lead to a denial-of-service condition, or the ability to execute arbitrary code.

Solution

Apply a patch from the vendor

Microsoft Security Bulletin MS04-011 contains patch information to resolve this issue.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Microsoft CorporationAffected-14 Apr 2004
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Thanks to Microsoft for reporting this vulnerability.

This document was written by Jason A Rafail.

Other Information

  • CVE IDs: CAN-2004-0123
  • Date Public: 13 Apr 2004
  • Date First Published: 14 Apr 2004
  • Date Last Updated: 14 Apr 2004
  • Severity Metric: 48.55
  • Document Revision: 2

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.