VULHUB ™

It has been reported that Microsoft ASN.1 library may be prone to multiple stack-based buffer overflow vulnerabilities that could allow an attacker to execute arbitrary code leading to unauthorized access to a vulnerable system. The issues have been identified in ASN1BERDecDouble and ASN1PERDecDouble functions. These vulnerabilities may have different attack vectors depending upon the services and applications employing the affected functions. Like previously reported issues in the library (BIDs 9633 and 9635), the vulnerable functions could theoretically be used in certificate handling code in Microsoft or third-party software. Reportedly, the first issue is not exploitable under Windows 2000 SP4 and the second issue has been addressed by the fixes released in MS04-007. This information has not been confirmed by Symantec.

It has been reported that Microsoft ASN.1 library may be prone to multiple stack-based buffer overflow vulnerabilities that could allow an attacker to execute arbitrary code leading to unauthorized access to a vulnerable system. The issues have been identified in ASN1BERDecDouble and ASN1PERDecDouble functions. These vulnerabilities may have different attack vectors depending upon the services and applications employing the affected functions. Like previously reported issues in the library (BIDs 9633 and 9635), the vulnerable functions could theoretically be used in certificate handling code in Microsoft or third-party software. Reportedly, the first issue is not exploitable under Windows 2000 SP4 and the second issue has been addressed by the fixes released in MS04-007. This information has not been confirmed by Symantec.