Vulnerability Note VU#255924

Microsoft Windows ASN.1 library contains a memory management vulnerability

Overview

Microsoft's ASN.1 library contains a memory management error that could be exploited by a remote attacker to cause a denial-of-service situation, or execute arbitrary code.

I. Description

Microsoft's ASN.1 library contains a memory management error, potentially a "double-free" condition. By sending a crafted request, an attacker may be able to exploit this vulnerability to corrupt memory or execute arbitrary code. This vulnerability affects the following systems:

Windows XP
Windows Server 2003
Windows NT 4.0
Windows 2000
Windows 98, 98 SE, ME

II. Impact

Exploitation of this vulnerability may lead to a denial-of-service condition, or the ability to execute arbitrary code.

III. Solution

Apply a patch from the vendor

Microsoft Security Bulletin MS04-011 contains patch information to resolve this issue.

Systems Affected

Vendor	Status	Date Notified	Date Updated
Microsoft Corporation	Vulnerable	14-Apr-2004

References

http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

Credit

Thanks to Microsoft for reporting this vulnerability.

This document was written by Jason A Rafail.

Other Information

Date Public:	2004-04-13
Date First Published:	2004-04-14
Date Last Updated:	2004-04-14
CERT Advisory:
CVE-ID(s):	CAN-2004-0123
NVD-ID(s):	CAN-2004-0123
US-CERT Technical Alerts:
Metric:	48.55
Document Revision:	2

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Get Adobe Reader