7.5 - CVE-2003-0818

Executive Summary

Informations
Name	CVE-2003-0818	First vendor Publication	2004-03-03
Vendor	Cve	Last vendor Modification	2019-04-30

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0818

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:653

Oval ID:	oval:org.mitre.oval:def:653
Title:	Windows 2000 ASN.1 Library Integer Overflow Vulnerabilities
Description:	Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0818	Version:	1
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft ASN.1 Library
Definition Synopsis:
Windows 2000 is installed AND the version of msasn1.dll is less than 5.0.2195.6823 AND NOT the patch kb828028 is installed

Definition Id: oval:org.mitre.oval:def:796

Oval ID:	oval:org.mitre.oval:def:796
Title:	Windows NT ASN.1 Library Integer Overflow Vulnerabilities
Description:	Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0818	Version:	2
Platform(s):	Microsoft Windows NT	Product(s):	Microsoft ASN.1 Library
Definition Synopsis:
Microsoft Windows NT is installed AND the version of msasn1.dll is less than 5.0.2195.6824 AND NOT the patch kb828028 is installed

Definition Id: oval:org.mitre.oval:def:797

Oval ID:	oval:org.mitre.oval:def:797
Title:	Windows XP ASN.1 Library Integer Overflow Vulnerabilities
Description:	Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0818	Version:	7
Platform(s):	Microsoft Windows XP	Product(s):	Microsoft ASN.1 Library
Definition Synopsis:
a vulnerable version of msasn1.dll exists no service pack is installed and msasn1.dll is less than 5.1.2600.119 NOT Win2K/XP/2003 is patched AND the version of msasn1.dll is less than 5.1.2600.119 OR service pack 1 is installed and msasn1.dll is less than 5.1.2600.1274 Win2K/XP/2003 service pack 1 is installed AND the version of msasn1.dll is less than 5.1.2600.1274 AND NOT the patch kb828028 is installed AND Windows XP (sp1 or earlier) is installed Windows XP is installed AND NOT Win2K/XP/2003 service pack 2 (or later) is installed

Definition Id: oval:org.mitre.oval:def:799

Oval ID:	oval:org.mitre.oval:def:799
Title:	Windows Server 2003 ASN.1 Library Integer Overflow Vulnerabilities
Description:	Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0818	Version:	1
Platform(s):	Microsoft Windows Server 2003	Product(s):	Microsoft ASN.1 Library
Definition Synopsis:
Windows Server 2003 is installed AND the version of msasn1.dll is less than 5.2.3790.88 AND NOT the patch kb828028 is installed

CPE : Common Platform Enumeration

Type	Description	Count
Os	Microsoft Windows 2000 cpe:2.3:o:microsoft:windows_2000::sp3::::::* cpe:2.3:o:microsoft:windows_2000::sp2::::::* cpe:2.3:o:microsoft:windows_2000::sp1::::::* cpe:2.3:o:microsoft:windows_2000::::::::	4
Os	Microsoft Windows 2003 Server cpe:2.3:o:microsoft:windows_2003_server:web:::::::* cpe:2.3:o:microsoft:windows_2003_server:standard::64-bit::::: cpe:2.3:o:microsoft:windows_2003_server:r2::64-bit::::: cpe:2.3:o:microsoft:windows_2003_server:r2::datacenter_64-bit::::: cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:::::::* cpe:2.3:o:microsoft:windows_2003_server:enterprise::64-bit:::::	6
Os	Microsoft Windows Nt cpe:2.3:o:microsoft:windows_nt:4.0:sp4:::workstation::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp3:::server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp1:::server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:::workstation::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:::server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp6:::workstation::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp1:::terminal_server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp5:::server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp5:::terminal_server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp1:::workstation::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp3:::terminal_server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp4:::terminal_server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp5:::workstation::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp6:::server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp2:::workstation::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp2:::terminal_server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp6:::terminal_server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp4:::server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp3:::workstation::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp2:::server::x86: cpe:2.3:o:microsoft:windows_nt:4.0::workstation::::: cpe:2.3:o:microsoft:windows_nt:4.0::server::::: cpe:2.3:o:microsoft:windows_nt:4.0::terminal_server:::::	23
Os	Microsoft Windows Xp cpe:2.3:o:microsoft:windows_xp::sp1:64-bit::::: cpe:2.3:o:microsoft:windows_xp::sp1:home::::: cpe:2.3:o:microsoft:windows_xp:::home:::::* cpe:2.3:o:microsoft:windows_xp:::64-bit:::::* cpe:2.3:o:microsoft:windows_xp::gold:professional:::::	5

ExploitDB Exploits

id	Description
2010-07-25	Microsoft ASN.1 Library Bitstring Heap Overflow
2004-03-26	MS Windows ASN.1 - Remote Exploit (MS04-007)
2004-02-14	MS Windows ASN.1 LSASS.EXE Remote Exploit (MS04-007)

OpenVAS Exploits

Date	Description
2009-03-15	Name : MS04-011 security check File : nvt/remote-MS04-011.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
3902	Microsoft Windows ASN.1 Library Integer Overflow A vulnerability exists in the ASN.1 protocol library used by the Windows operating system. This flaw allows a hostile BITSTRING ASN.1 sequence to overwrite sections of heap memory remotely through any service which parses ASN.1 data. Examples of affected services include NetBIOS, SMB, IPSEC, Kerberos, SSL, and IIS. With a specially crafted request, an attacker can execute code with the privileges of the processing component, resulting in a loss of integrity.

Description

3902

Microsoft Windows ASN.1 Library Integer Overflow

A vulnerability exists in the ASN.1 protocol library used by the Windows operating system. This flaw allows a hostile BITSTRING ASN.1 sequence to overwrite sections of heap memory remotely through any service which parses ASN.1 data. Examples of affected services include NetBIOS, SMB, IPSEC, Kerberos, SSL, and IIS. With a specially crafted request, an attacker can execute code with the privileges of the processing component, resulting in a loss of integrity.

Snort® IPS/IDS

Date	Description
2016-03-15	Microsoft Windows SPNEGO ASN.1 library heap corruption overflow attempt RuleID : 37635 - Revision : 2 - Type : OS-WINDOWS
2014-01-10	Microsoft Windows SMB-DS Session Setup NTLMSSP unicode andx asn1 overflow att... RuleID : 3005-community - Revision : 12 - Type : OS-WINDOWS
2014-01-10	Microsoft Windows SMB-DS Session Setup NTLMSSP unicode andx asn1 overflow att... RuleID : 3005 - Revision : 12 - Type : OS-WINDOWS
2014-01-10	Microsoft Windows SMB-DS Session Setup NTLMSSP andx asn1 overflow attempt RuleID : 3004-community - Revision : 12 - Type : OS-WINDOWS
2014-01-10	Microsoft Windows SMB-DS Session Setup NTLMSSP andx asn1 overflow attempt RuleID : 3004 - Revision : 12 - Type : OS-WINDOWS
2014-01-10	Microsoft Windows SMB-DS Session Setup NTLMSSP unicode asn1 overflow attempt RuleID : 3003-community - Revision : 12 - Type : OS-WINDOWS
2014-01-10	Microsoft Windows SMB-DS Session Setup NTLMSSP unicode asn1 overflow attempt RuleID : 3003 - Revision : 12 - Type : OS-WINDOWS
2014-01-10	Microsoft Windows SMB Session Setup NTLMSSP unicode andx asn1 overflow attempt RuleID : 3002-community - Revision : 11 - Type : OS-WINDOWS
2014-01-10	Microsoft Windows SMB Session Setup NTLMSSP unicode andx asn1 overflow attempt RuleID : 3002 - Revision : 11 - Type : OS-WINDOWS
2014-01-10	Microsoft Windows SMB Session Setup NTLMSSP andx asn1 overflow attempt RuleID : 3001-community - Revision : 11 - Type : OS-WINDOWS
2014-01-10	Microsoft Windows SMB Session Setup NTLMSSP andx asn1 overflow attempt RuleID : 3001 - Revision : 11 - Type : OS-WINDOWS
2014-01-10	Microsoft Windows SMB Session Setup NTLMSSP unicode asn1 overflow attempt RuleID : 3000-community - Revision : 11 - Type : OS-WINDOWS
2014-01-10	Microsoft Windows SMB Session Setup NTLMSSP unicode asn1 overflow attempt RuleID : 3000 - Revision : 11 - Type : OS-WINDOWS
2014-01-10	NTLM ASN1 vulnerability scan attempt RuleID : 2386-community - Revision : 23 - Type : SERVER-IIS
2014-01-10	NTLM ASN1 vulnerability scan attempt RuleID : 2386 - Revision : 23 - Type : SERVER-IIS
2014-01-10	SMB-DS DCERPC NTLMSSP invalid mechlistMIC attempt RuleID : 2385 - Revision : 13 - Type : NETBIOS
2014-01-10	SMB NTLMSSP invalid mechlistMIC attempt RuleID : 2384 - Revision : 12 - Type : NETBIOS
2014-01-10	Microsoft Windows SMB-DS Session Setup NTLMSSP asn1 overflow attempt RuleID : 2383-community - Revision : 26 - Type : OS-WINDOWS
2014-01-10	Microsoft Windows SMB-DS Session Setup NTLMSSP asn1 overflow attempt RuleID : 2383 - Revision : 26 - Type : OS-WINDOWS
2014-01-10	Microsoft Windows SMB Session Setup NTLMSSP asn1 overflow attempt RuleID : 2382-community - Revision : 25 - Type : OS-WINDOWS
2014-01-10	Microsoft Windows SMB Session Setup NTLMSSP asn1 overflow attempt RuleID : 2382 - Revision : 25 - Type : OS-WINDOWS
2014-01-10	Microsoft SPNEGO ASN.1 library heap corruption overflow attempt RuleID : 12905 - Revision : 6 - Type : SPECIFIC-THREATS
2014-01-10	ASN.1 constructed bit string RuleID : 12710 - Revision : 6 - Type : SERVER-OTHER
2014-01-10	Microsoft Windows SPNEGO ASN.1 library heap corruption overflow attempt RuleID : 12058 - Revision : 11 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date	Description
2004-02-18	Name : The remote host has multiple integer overflow vulnerabilities. File : mail_asn1_decoding.nasl - Type : ACT_GATHER_INFO
2004-02-15	Name : The remote Windows host is affected by a memory corruption vulnerability. File : http_asn1_decoding.nasl - Type : ACT_GATHER_INFO
2004-02-13	Name : Arbitrary code can be executed on the remote host. File : windows_asn1_vuln_ntlm.nasl - Type : ACT_GATHER_INFO
2004-02-10	Name : Arbitrary code can be executed on the remote host. File : smb_nt_ms04-007.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BUGTRAQ	http://marc.info/?l=bugtraq&m=107643836125615&w=2 http://marc.info/?l=bugtraq&m=107643892224825&w=2
CERT	http://www.us-cert.gov/cas/techalerts/TA04-041A.html
CERT-VN	http://www.kb.cert.org/vuls/id/216324 http://www.kb.cert.org/vuls/id/583108
MS	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04...
NTBUGTRAQ	http://marc.info/?l=ntbugtraq&m=107650972617367&w=2 http://marc.info/?l=ntbugtraq&m=107650972723080&w=2
OVAL	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-02-02 01:02:21	Multiple Updates
2024-02-01 12:01:28	Multiple Updates
2023-09-05 12:02:14	Multiple Updates
2023-09-05 01:01:19	Multiple Updates
2023-09-02 12:02:16	Multiple Updates
2023-09-02 01:01:19	Multiple Updates
2023-08-12 12:02:46	Multiple Updates
2023-08-12 01:01:20	Multiple Updates
2023-08-11 12:02:21	Multiple Updates
2023-08-11 01:01:21	Multiple Updates
2023-08-06 12:02:10	Multiple Updates
2023-08-06 01:01:20	Multiple Updates
2023-08-04 12:02:14	Multiple Updates
2023-08-04 01:01:21	Multiple Updates
2023-07-14 12:02:13	Multiple Updates
2023-07-14 01:01:21	Multiple Updates
2023-03-29 01:02:13	Multiple Updates
2023-03-28 12:01:26	Multiple Updates
2022-10-11 12:01:58	Multiple Updates
2022-10-11 01:01:13	Multiple Updates
2021-05-04 12:01:59	Multiple Updates
2021-04-22 01:02:15	Multiple Updates
2020-05-23 13:16:44	Multiple Updates
2020-05-23 00:15:30	Multiple Updates
2019-05-09 12:01:19	Multiple Updates
2019-04-30 21:19:17	Multiple Updates
2018-10-13 00:22:27	Multiple Updates
2017-10-11 09:23:18	Multiple Updates
2016-10-18 12:01:13	Multiple Updates
2016-04-26 12:37:36	Multiple Updates
2014-02-17 10:26:36	Multiple Updates
2014-01-19 21:22:01	Multiple Updates
2013-05-11 11:53:04	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	4
CPE ID(s)	38
Sources(s)	12
osvdb(s)	1
ExploitDB Exploit(s)	3
Openvas Exploit(s)	1
Snort® Rule(s)	24
Nessus® Exploit(s)	4

	Related
7.5	MS04-007
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

7.5 - CVE-2003-0818

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

ExploitDB Exploits

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU