oval:org.mitre.oval:def:797

Definition Id: oval:org.mitre.oval:def:797

Oval ID:	oval:org.mitre.oval:def:797
Title:	Windows XP ASN.1 Library Integer Overflow Vulnerabilities
Description:	Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0818	Version:	7
Platform(s):	Microsoft Windows XP	Product(s):	Microsoft ASN.1 Library
Definition Synopsis:
a vulnerable version of msasn1.dll exists no service pack is installed and msasn1.dll is less than 5.1.2600.119 NOT Win2K/XP/2003 is patched AND the version of msasn1.dll is less than 5.1.2600.119 OR service pack 1 is installed and msasn1.dll is less than 5.1.2600.1274 Win2K/XP/2003 service pack 1 is installed AND the version of msasn1.dll is less than 5.1.2600.1274 AND NOT the patch kb828028 is installed AND Windows XP (sp1 or earlier) is installed Windows XP is installed AND NOT Win2K/XP/2003 service pack 2 (or later) is installed