Reported February 10, 2004, by Microsoft.
VERSIONS AFFECTED
·
Windows
Server 2003
·
Windows
XP
·
Windows
2000 Server
·
Windows
NT Server 4.0 Terminal Server Edition (WTS)
·
Windows
NT Server 4.0
DESCRIPTION
A vulnerability in Windows can result in the remote execution of arbitrary code
on the vulnerable system with System privileges. The vulnerability, which is a
result of an unchecked buffer in the Microsoft ASN.1 Library, could lead to a
buffer overflow. An attacker could then take any action on the system, including
installing programs, viewing data, changing data, deleting data, and creating
new accounts with full privileges.
VENDOR RESPONSE
Microsoft has released security bulletin
MS04-007, "ASN.1 Vulnerability
Could Allow Code Execution (828028),"
to address this vulnerability and recommends that affected users immediately
apply the appropriate patch listed in the bulletin.
CREDIT
Discovered by
eEye Digital Security.