Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote malicious users to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft windows 2000 |
||
microsoft windows 2003 server web |
||
microsoft windows nt 4.0 |
||
microsoft windows xp |
||
microsoft windows 2003 server enterprise_64-bit |
||
microsoft windows 2003 server r2 |
||
microsoft windows 2003 server enterprise |
||
microsoft windows 2003 server standard |