Signature Detail
Short Name |
HTTP:IIS:ASN-1-BOF |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
ASN.1 Stack-Based Buffer Overflow |
Release Date |
2005/05/06 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: ASN.1 Stack-Based Buffer Overflow
This signature detects attempts to exploit a known vulnerability against the Microsoft ASN.1 library, which is susceptible to multiple stack-based buffer overflow vulnerabilities. A successful attack can allow an attacker to execute arbitrary code leading to unauthorized access. The issues are identified in ASN1BERDecDouble and ASN1PERDecDouble functions.
Extended Description
Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this issue.
Affected Products
- Microsoft windows_2000 (sp2)
- Microsoft windows_2000 (sp3)
- Microsoft windows_2000 (sp4:)
- Microsoft windows_2000 (sp4)
- Microsoft windows_2000 (sp4::fr)
- Microsoft windows_2003_server 64-bit
- Microsoft windows_2003_server r2
- Microsoft windows_nt 4.0 (sp6)
- Microsoft windows_nt 4.0 (sp6a)
- Microsoft windows_nt 4.0 (sp6a:server)
- Microsoft windows_nt 4.0 (sp6a:workstation)
- Microsoft windows_nt 4.0 (sp6:terminal_server)
- Microsoft windows_xp (:64-bit)
- Microsoft windows_xp (gold)
- Microsoft windows_xp (sp1)
- Microsoft windows_xp (sp1:64-bit)
- Microsoft windows_xp (sp1:tablet_pc)
References