Microsoft Windows ASN.1 library buffer overflow vulnerability

Date Discovered: February 10, 2004
Date Published: February 10, 2004
Last Updated: June 21, 2004

Vulnerability ID: 27322
Discovered by: eEye
Exploitable Locally: Yes
Exploitable Remotely: Yes
Impact: Attackers can execute arbitrary code or cause a denial of service condition.
Root Cause: Software Vulnerability

Microsoft Windows contains a vulnerability that can allow attackers to execute arbitrary code or cause a denial of service condition. The vulnerability is due to a lack of bounds checking by the Microsoft ASN.1 library, MSASN1.DLL. An attacker can use a carefully constructed request containing malformed ASN.1 data to cause an overflow, which can result in arbitrary code execution or cause a denial of service to occur. Probable attack vectors use LSASS.EXE or CRYPT32.DLL through Kerberos, NTLMv2 authentication, ISAKMP, LDAP, Exchange, IIS with SSL, and applications that make use of certificates.
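The bounds checking the description refers to is, in a BER/DER decoder, of the following kind: every length field taken from the encoded data is compared with the number of bytes actually remaining before it is used. This is an added illustration, not code from MSASN1.DLL or from the advisory, which does not say which field was left unchecked; the names ber_read_tlv and tlv_t and the sample bytes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

typedef struct {
    uint8_t tag;           /* identifier octet (low-tag-number form only) */
    const uint8_t *value;  /* start of the content octets inside buf */
    size_t length;         /* number of content octets */
} tlv_t;

/* Parse one tag-length-value header from buf[0..len). Returns 0 on success,
 * -1 if the encoding is malformed or claims more bytes than the input holds. */
int ber_read_tlv(const uint8_t *buf, size_t len, tlv_t *out)
{
    size_t pos = 0, n = 0, count, i;
    uint8_t first;

    if (buf == NULL || out == NULL || len < 2)
        return -1;
    out->tag = buf[pos++];
    if ((out->tag & 0x1f) == 0x1f)       /* high-tag-number form: not handled */
        return -1;
    first = buf[pos++];
    if ((first & 0x80) == 0) {           /* short form: length fits in 7 bits */
        n = first;
    } else {
        count = first & 0x7f;            /* long form: number of length octets */
        if (count == 0 || count > sizeof(size_t))  /* indefinite or too wide */
            return -1;
        if (count > len - pos)           /* the length octets are truncated */
            return -1;
        for (i = 0; i < count; i++)
            n = (n << 8) | buf[pos++];
    }
    if (n > len - pos)                   /* claimed length exceeds what is left */
        return -1;
    out->value = buf + pos;
    out->length = n;
    return 0;
}

/* Constructed samples: a valid OCTET STRING, and one claiming 0xffff octets. */
static const uint8_t sample_ok[]  = {0x04, 0x03, 'a', 'b', 'c'};
static const uint8_t sample_bad[] = {0x04, 0x82, 0xff, 0xff, 'a'};

int main(void)
{
    tlv_t t;
    return (ber_read_tlv(sample_ok, sizeof sample_ok, &t) == 0 &&
            ber_read_tlv(sample_bad, sizeof sample_bad, &t) == -1) ? 0 : 1;
}
```

The comparisons are written as `n > len - pos` rather than `pos + n > len` so that an attacker-chosen length cannot wrap the addition and pass the check.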

Recommendations

Apply the patch provided by the vendor.

Note: Windows NT is affected only if MS03-041 or certain other patches are installed. If the file Msasn1.dll exists on the system, install the patch.

Microsoft Windows NT Workstation 4.0 Service Pack 6a:
WindowsNT4Workstation-KB828028-x86-ENU
http://www.microsoft.com/downloads/details.aspx?FamilyId=92400199-B3D5-4826-98D4-F134849F5249&displaylang=en

Microsoft Windows NT Server 4.0 Service Pack 6a:
WindowsNT4Server-KB828028-x86-ENU
http://www.microsoft.com/downloads/details.aspx?FamilyId=E8315430-90CD-4B20-8F54-58527932B588&displaylang=en

Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6:
WindowsNT4TerminalServer-KB828028-x86-ENU
http://www.microsoft.com/downloads/details.aspx?FamilyId=D83B39D3-FF13-4D0B-B406-A225AED0D659&displaylang=en

Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, Microsoft Windows 2000 Service Pack 4:
Windows2000-KB828028-x86-ENU
http://www.microsoft.com/downloads/details.aspx?FamilyId=191853C4-A4D2-4797-A8C6-A2E663A53698&displaylang=en

Microsoft Windows XP, Microsoft Windows XP Service Pack 1:
WindowsXP-KB828028-x86-ENU
http://www.microsoft.com/downloads/details.aspx?FamilyId=0CC30297-D4AE-48E9-ACD0-1343D89CCBBA&displaylang=en

Microsoft Windows XP 64-Bit Edition, Microsoft Windows XP 64-Bit Edition Service Pack 1:
WindowsXP-KB828028-ia64-ENU
http://www.microsoft.com/downloads/details.aspx?FamilyId=383C397F-9318-4AD5-9C2C-0577118A1E68&displaylang=en

Microsoft Windows XP 64-Bit Edition Version 2003, Microsoft Windows XP 64-Bit Edition Version 2003 Service Pack 1:
WindowsServer2003-KB828028-ia64-ENU
http://www.microsoft.com/downloads/details.aspx?FamilyId=FA280168-66E1-4B5F-958F-E178C3F61F7C&displaylang=en

Microsoft Windows Server 2003:
WindowsServer2003-KB828028-x86-ENU
http://www.microsoft.com/downloads/details.aspx?FamilyId=3D7FFFF9-A497-42FF-90E7-283732B2E117&displaylang=en

Microsoft Windows Server 2003 64-Bit Edition:
WindowsServer2003-KB828028-ia64-ENU
http://www.microsoft.com/downloads/details.aspx?FamilyId=FA280168-66E1-4B5F-958F-E178C3F61F7C&displaylang=en

Windows 98, all versions:
Contact customer support for information on how to obtain the patch.

Vendor advisory:
MS04-007
828028

Affected Technologies

Microsoft: Windows 2000 Advanced Server SP2
Microsoft: Windows 2000 Advanced Server SP2 DA
Microsoft: Windows 2000 Advanced Server SP2 DE
Microsoft: Windows 2000 Advanced Server SP2 ES
Microsoft: Windows 2000 Advanced Server SP2 FI
Microsoft: Windows 2000 Advanced Server SP2 FR
Microsoft: Windows 2000 Advanced Server SP2 IT
Microsoft: Windows 2000 Advanced Server SP2 JA
Microsoft: Windows 2000 Advanced Server SP2 KO
Microsoft: Windows 2000 Advanced Server SP2 NL
Microsoft: Windows 2000 Advanced Server SP2 NO
Microsoft: Windows 2000 Advanced Server SP2 PT
Microsoft: Windows 2000 Advanced Server SP2 PTBR
Microsoft: Windows 2000 Advanced Server SP2 SV
Microsoft: Windows 2000 Advanced Server SP2 ZHCN
Microsoft: Windows 2000 Advanced Server SP3
Microsoft: Windows 2000 Advanced Server SP3 DA
Microsoft: Windows 2000 Advanced Server SP3 DE
Microsoft: Windows 2000 Advanced Server SP3 ES
Microsoft: Windows 2000 Advanced Server SP3 FI
Microsoft: Windows 2000 Advanced Server SP3 FR
Microsoft: Windows 2000 Advanced Server SP3 IT
Microsoft: Windows 2000 Advanced Server SP3 JA
Microsoft: Windows 2000 Advanced Server SP3 KO
Microsoft: Windows 2000 Advanced Server SP3 NL
Microsoft: Windows 2000 Advanced Server SP3 NO
Microsoft: Windows 2000 Advanced Server SP3 PT
Microsoft: Windows 2000 Advanced Server SP3 PTBR
Microsoft: Windows 2000 Advanced Server SP3 SV
Microsoft: Windows 2000 Advanced Server SP3 ZHCN
Microsoft: Windows 2000 Advanced Server SP4
Microsoft: Windows 2000 Advanced Server SP4 DA
Microsoft: Windows 2000 Advanced Server SP4 DE
Microsoft: Windows 2000 Advanced Server SP4 ES
Microsoft: Windows 2000 Advanced Server SP4 FI
Microsoft: Windows 2000 Advanced Server SP4 FR
Microsoft: Windows 2000 Advanced Server SP4 IT
Microsoft: Windows 2000 Advanced Server SP4 JA
Microsoft: Windows 2000 Advanced Server SP4 KO
Microsoft: Windows 2000 Advanced Server SP4 NL
Microsoft: Windows 2000 Advanced Server SP4 NO
Microsoft: Windows 2000 Advanced Server SP4 PT
Microsoft: Windows 2000 Advanced Server SP4 PTBR
Microsoft: Windows 2000 Advanced Server SP4 SV
Microsoft: Windows 2000 Advanced Server SP4 ZHCN
Microsoft: Windows 2000 Professional SP2
Microsoft: Windows 2000 Professional SP2 DA
Microsoft: Windows 2000 Professional SP2 DE
Microsoft: Windows 2000 Professional SP2 ES
Microsoft: Windows 2000 Professional SP2 FI
Microsoft: Windows 2000 Professional SP2 FR
Microsoft: Windows 2000 Professional SP2 IT
Microsoft: Windows 2000 Professional SP2 JA
Microsoft: Windows 2000 Professional SP2 KO
Microsoft: Windows 2000 Professional SP2 NL
Microsoft: Windows 2000 Professional SP2 NO
Microsoft: Windows 2000 Professional SP2 PT
Microsoft: Windows 2000 Professional SP2 PTBR
Microsoft: Windows 2000 Professional SP2 SV
Microsoft: Windows 2000 Professional SP2 ZHCN
Microsoft: Windows 2000 Professional SP3
Microsoft: Windows 2000 Professional SP3 DA
Microsoft: Windows 2000 Professional SP3 DE
Microsoft: Windows 2000 Professional SP3 ES
Microsoft: Windows 2000 Professional SP3 FI
Microsoft: Windows 2000 Professional SP3 FR
Microsoft: Windows 2000 Professional SP3 IT
Microsoft: Windows 2000 Professional SP3 JA
Microsoft: Windows 2000 Professional SP3 KO
Microsoft: Windows 2000 Professional SP3 NL
Microsoft: Windows 2000 Professional SP3 NO
Microsoft: Windows 2000 Professional SP3 PT
Microsoft: Windows 2000 Professional SP3 PTBR
Microsoft: Windows 2000 Professional SP3 SV
Microsoft: Windows 2000 Professional SP3 ZHCN
Microsoft: Windows 2000 Professional SP4
Microsoft: Windows 2000 Professional SP4 DA
Microsoft: Windows 2000 Professional SP4 DE
Microsoft: Windows 2000 Professional SP4 ES
Microsoft: Windows 2000 Professional SP4 FI
Microsoft: Windows 2000 Professional SP4 FR
Microsoft: Windows 2000 Professional SP4 IT
Microsoft: Windows 2000 Professional SP4 JA
Microsoft: Windows 2000 Professional SP4 KO
Microsoft: Windows 2000 Professional SP4 NL
Microsoft: Windows 2000 Professional SP4 NO
Microsoft: Windows 2000 Professional SP4 PT
Microsoft: Windows 2000 Professional SP4 PTBR
Microsoft: Windows 2000 Professional SP4 SV
Microsoft: Windows 2000 Professional SP4 ZHCN
Microsoft: Windows 2000 Server SP2
Microsoft: Windows 2000 Server SP2 DA
Microsoft: Windows 2000 Server SP2 DE
Microsoft: Windows 2000 Server SP2 ES
Microsoft: Windows 2000 Server SP2 FI
Microsoft: Windows 2000 Server SP2 FR
Microsoft: Windows 2000 Server SP2 IT
Microsoft: Windows 2000 Server SP2 JA
Microsoft: Windows 2000 Server SP2 KO
Microsoft: Windows 2000 Server SP2 NL
Microsoft: Windows 2000 Server SP2 NO
Microsoft: Windows 2000 Server SP2 PT
Microsoft: Windows 2000 Server SP2 PTBR
Microsoft: Windows 2000 Server SP2 SV
Microsoft: Windows 2000 Server SP2 ZHCN
Microsoft: Windows 2000 Server SP3
Microsoft: Windows 2000 Server SP3 DA
Microsoft: Windows 2000 Server SP3 DE
Microsoft: Windows 2000 Server SP3 ES
Microsoft: Windows 2000 Server SP3 FI
Microsoft: Windows 2000 Server SP3 FR
Microsoft: Windows 2000 Server SP3 IT
Microsoft: Windows 2000 Server SP3 JA
Microsoft: Windows 2000 Server SP3 KO
Microsoft: Windows 2000 Server SP3 NL
Microsoft: Windows 2000 Server SP3 NO
Microsoft: Windows 2000 Server SP3 PT
Microsoft: Windows 2000 Server SP3 PTBR
Microsoft: Windows 2000 Server SP3 SV
Microsoft: Windows 2000 Server SP3 ZHCN
Microsoft: Windows 2000 Server SP4
Microsoft: Windows 2000 Server SP4 DA
Microsoft: Windows 2000 Server SP4 DE
Microsoft: Windows 2000 Server SP4 ES
Microsoft: Windows 2000 Server SP4 FI
Microsoft: Windows 2000 Server SP4 FR
Microsoft: Windows 2000 Server SP4 IT
Microsoft: Windows 2000 Server SP4 JA
Microsoft: Windows 2000 Server SP4 KO
Microsoft: Windows 2000 Server SP4 NL
Microsoft: Windows 2000 Server SP4 NO
Microsoft: Windows 2000 Server SP4 PT
Microsoft: Windows 2000 Server SP4 PTBR
Microsoft: Windows 2000 Server SP4 SV
Microsoft: Windows 2000 Server SP4 ZHCN
Microsoft: Windows 98
Microsoft: Windows 98 SE
Microsoft: Windows NT Server 4.0 Enterprise Edition SP6a DE
Microsoft: Windows NT Server 4.0 Enterprise Edition SP6a ES
Microsoft: Windows NT Server 4.0 Enterprise Edition SP6a FR
Microsoft: Windows NT Server 4.0 Enterprise Edition SP6a JA
Microsoft: Windows NT Server 4.0 SP6a
Microsoft: Windows NT Server 4.0 SP6a DE
Microsoft: Windows NT Server 4.0 SP6a ES
Microsoft: Windows NT Server 4.0 SP6a FR
Microsoft: Windows NT Server 4.0 SP6a JA
Microsoft: Windows NT Server 4.0 SP6a KO
Microsoft: Windows NT Server 4.0 SP6a PTBR
Microsoft: Windows NT Server 4.0 SP6a ZHCN
Microsoft: Windows NT Server Terminal Server Edition SP6
Microsoft: Windows NT Workstation 4.0 SP6a
Microsoft: Windows NT Workstation 4.0 SP6a DE
Microsoft: Windows NT Workstation 4.0 SP6a FR
Microsoft: Windows NT Workstation 4.0 SP6a IT
Microsoft: Windows NT Workstation 4.0 SP6a JA
Microsoft: Windows NT Workstation 4.0 SP6a PTBR
Microsoft: Windows NT Workstation 4.0 SP6a ZHCN
Microsoft: Windows Server 2003 Enterprise Edition
Microsoft: Windows Server 2003 Enterprise Edition DA
Microsoft: Windows Server 2003 Enterprise Edition DE
Microsoft: Windows Server 2003 Enterprise Edition ES
Microsoft: Windows Server 2003 Enterprise Edition FI
Microsoft: Windows Server 2003 Enterprise Edition FR
Microsoft: Windows Server 2003 Enterprise Edition IT
Microsoft: Windows Server 2003 Enterprise Edition JA
Microsoft: Windows Server 2003 Enterprise Edition KO
Microsoft: Windows Server 2003 Enterprise Edition NL
Microsoft: Windows Server 2003 Enterprise Edition NO
Microsoft: Windows Server 2003 Enterprise Edition PT
Microsoft: Windows Server 2003 Enterprise Edition PTBR
Microsoft: Windows Server 2003 Enterprise Edition SV
Microsoft: Windows Server 2003 Enterprise Edition ZHCN
Microsoft: Windows Server 2003 Enterprise Edition, 64-bit
Microsoft: Windows Server 2003 Standard Edition
Microsoft: Windows Server 2003 Standard Edition DA
Microsoft: Windows Server 2003 Standard Edition DE
Microsoft: Windows Server 2003 Standard Edition ES
Microsoft: Windows Server 2003 Standard Edition FI
Microsoft: Windows Server 2003 Standard Edition FR
Microsoft: Windows Server 2003 Standard Edition IT
Microsoft: Windows Server 2003 Standard Edition JA
Microsoft: Windows Server 2003 Standard Edition KO
Microsoft: Windows Server 2003 Standard Edition NL
Microsoft: Windows Server 2003 Standard Edition NO
Microsoft: Windows Server 2003 Standard Edition PT
Microsoft: Windows Server 2003 Standard Edition PTBR
Microsoft: Windows Server 2003 Standard Edition SV
Microsoft: Windows Server 2003 Standard Edition ZHCN
Microsoft: Windows Server 2003 Web Edition
Microsoft: Windows Server 2003 Web Edition DA
Microsoft: Windows Server 2003 Web Edition DE
Microsoft: Windows Server 2003 Web Edition ES
Microsoft: Windows Server 2003 Web Edition FI
Microsoft: Windows Server 2003 Web Edition FR
Microsoft: Windows Server 2003 Web Edition IT
Microsoft: Windows Server 2003 Web Edition JA
Microsoft: Windows Server 2003 Web Edition KO
Microsoft: Windows Server 2003 Web Edition NL
Microsoft: Windows Server 2003 Web Edition NO
Microsoft: Windows Server 2003 Web Edition PT
Microsoft: Windows Server 2003 Web Edition PTBR
Microsoft: Windows Server 2003 Web Edition SV
Microsoft: Windows Server 2003 Web Edition ZHCN
Microsoft: Windows XP 64-bit Edition
Microsoft: Windows XP 64-bit Edition SP1
Microsoft: Windows XP Home Edition
Microsoft: Windows XP Home Edition SP1
Microsoft: Windows XP Professional
Microsoft: Windows XP Professional DA
Microsoft: Windows XP Professional DE
Microsoft: Windows XP Professional ES
Microsoft: Windows XP Professional FI
Microsoft: Windows XP Professional FR
Microsoft: Windows XP Professional IT
Microsoft: Windows XP Professional JA
Microsoft: Windows XP Professional KO
Microsoft: Windows XP Professional NL
Microsoft: Windows XP Professional NO
Microsoft: Windows XP Professional PT
Microsoft: Windows XP Professional PTBR
Microsoft: Windows XP Professional SP1
Microsoft: Windows XP Professional SP1 DA
Microsoft: Windows XP Professional SP1 DE
Microsoft: Windows XP Professional SP1 ES
Microsoft: Windows XP Professional SP1 FI
Microsoft: Windows XP Professional SP1 FR
Microsoft: Windows XP Professional SP1 IT
Microsoft: Windows XP Professional SP1 JA
Microsoft: Windows XP Professional SP1 KO
Microsoft: Windows XP Professional SP1 NL
Microsoft: Windows XP Professional SP1 NO
Microsoft: Windows XP Professional SP1 PT
Microsoft: Windows XP Professional SP1 PTBR
Microsoft: Windows XP Professional SP1 SV
Microsoft: Windows XP Professional SP1 ZHCN
Microsoft: Windows XP Professional SV
Microsoft: Windows XP Professional ZHCN

References

Microsoft: MS04-007
Mitre CVE: CAN-2003-0818

More information at the CA Virus Information Center:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=27322
