 |
Name:
MS.Windows.ASN.1.Bitstring.Overflow.B
|
Released Date:
May 20 2008
|
Severity:
high
|
CVE:
2005-1935
|
|
|
|
|
|
|
|
|
FortiGuard Center
> Vulnerability Encyclopedia
In-Depth Analysis
|
Description
|
This indicates detection of an attempt to exploit a vulnerability in the Microsoft ASN.1 library via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory.
The vulnerability is in MSASN1.DLL, part of the ASN.1 library. It may allow remote attackers to execute arbitrary code via specially crafted ASN.1 BER encodings.
|
|
|
|
Impact
|
|
System compromise: remote code execution.
|
|
|
|
Affected Products
|
Microsoft, Windows NT, Workstation 4.0 SP6a
Microsoft, Windows 2000, Service Pack 2
Microsoft, Windows 2000, Service Pack 3
Microsoft, Windows 2000, Service Pack 4, FR
Microsoft, Windows XP, Gold
Microsoft, Windows XP, Service Pack 1, Tablet PC
Microsoft, Windows XP, 64-bit
Microsoft, Windows XP, 64-bit, Service Pack 1
Microsoft, Windows XP, 64-bit Version 2003, Service Pack 1
Microsoft, Windows Server 2003, Release 2
Microsoft, Windows Server 2003, 64-bit
Microsoft, Windows NT, Server 4.0 SP6a
Microsoft, Windows NT, Terminal Server 4.0 SP6
|
|
Aliases
|
|
References
|
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1935
|
|
Recommended Actions
|
Apply corresponding patches.
Microsoft Windows 2000 Server SP2:
* Microsoft Security Update for Windows 2000: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=191853C4-A4D2 -4797-A8C6-A2E663A53698&displaylang=en
Microsoft Windows 2000 Advanced Server SP2:
* Microsoft Security Update for Windows 2000: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=191853C4-A4D2 -4797-A8C6-A2E663A53698&displaylang=en
Microsoft Windows Server 2003 Enterprise Edition Itanium 0:
* Microsoft Security Upd for Windows Server 2003 64-bit Edition/Windows XP 64-bit Edition Version 2003:KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=FA280168-66E1 -4B5F-958F-E178C3F61F7C&displaylang=en
Microsoft Windows Server 2003 Standard Edition:
* Microsoft Security Update for Windows Server 2003: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=3D7FFFF9-A497 -42FF-90E7-283732B2E117&displaylang=en
Microsoft Windows XP Professional:
* Microsoft Security Update for Windows XP: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=0CC30297-D4AE -48E9-ACD0-1343D89CCBBA&displaylang=en
Microsoft Windows Server 2003 Datacenter Edition Itanium 0:
* Microsoft Security Upd for Windows Server 2003 64-bit Edition/Windows XP 64-bit Edition Version 2003:KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=FA280168-66E1 -4B5F-958F-E178C3F61F7C&displaylang=en
Microsoft Windows XP 64-bit Edition SP1:
* Microsoft Security Update for Windows XP 64-Bit Edition: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=383C397F-9318 -4AD5-9C2C-0577118A1E68&displaylang=en
Microsoft Windows Server 2003 Datacenter Edition:
* Microsoft Security Update for Windows Server 2003: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=3D7FFFF9-A497 -42FF-90E7-283732B2E117&displaylang=en
Microsoft Windows 2000 Advanced Server SP4:
* Microsoft Security Update for Windows 2000: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=191853C4-A4D2 -4797-A8C6-A2E663A53698&displaylang=en
Microsoft Windows 2000 Professional SP3:
* Microsoft Security Update for Windows 2000: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=191853C4-A4D2 -4797-A8C6-A2E663A53698&displaylang=en
Microsoft Windows Server 2003 Enterprise Edition:
* Microsoft Security Update for Windows Server 2003: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=3D7FFFF9-A497 -42FF-90E7-283732B2E117&displaylang=en
Microsoft Windows 2000 Professional SP2:
* Microsoft Security Update for Windows 2000: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=191853C4-A4D2 -4797-A8C6-A2E663A53698&displaylang=en
Microsoft Windows Server 2003 Web Edition:
* Microsoft Security Update for Windows Server 2003: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=3D7FFFF9-A497 -42FF-90E7-283732B2E117&displaylang=en
Microsoft Windows 2000 Advanced Server SP3:
* Microsoft Security Update for Windows 2000: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=191853C4-A4D2 -4797-A8C6-A2E663A53698&displaylang=en
Microsoft Windows XP Home:
* Microsoft Security Update for Windows XP: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=0CC30297-D4AE -48E9-ACD0-1343D89CCBBA&displaylang=en
Microsoft Windows XP Home SP1:
* Microsoft Security Update for Windows XP: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=0CC30297-D4AE -48E9-ACD0-1343D89CCBBA&displaylang=en
Microsoft Windows XP 64-bit Edition Version 2003 SP1:
* Microsoft Security Upd for Windows Server 2003 64-bit Edition/Windows XP 64-bit Edition Version 2003:KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=FA280168-66E1 -4B5F-958F-E178C3F61F7C&displaylang=en
Microsoft Windows 2000 Server SP3:
* Microsoft Security Update for Windows 2000: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=191853C4-A4D2 -4797-A8C6-A2E663A53698&displaylang=en
Microsoft Windows XP 64-bit Edition Version 2003:
* Microsoft Security Upd for Windows Server 2003 64-bit Edition/Windows XP 64-bit Edition Version 2003:KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=FA280168-66E1 -4B5F-958F-E178C3F61F7C&displaylang=en
Microsoft Windows XP 64-bit Edition:
* Microsoft Security Update for Windows XP 64-Bit Edition: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=383C397F-9318 -4AD5-9C2C-0577118A1E68&displaylang=en
Microsoft Windows NT Server 4.0 SP6a:
* Microsoft Security Update for Windows NT Server 4.0: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=E8315430-90CD -4B20-8F54-58527932B588&displaylang=en
Microsoft Windows NT Terminal Server 4.0 SP6:
* Microsoft Security Update for Windows NT Server Terminal Server Edition: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=D83B39D3-FF13 -4D0B-B406-A225AED0D659&displaylang=en
Microsoft Windows NT Workstation 4.0 SP6a:
* Microsoft Security Update for Windows NT Workstation 4.0: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=92400199-B3D5 -4826-98D4-F134849F5249&displaylang=en
|
|
