CVE-2003-0818 | Vulnerability Database | Aqua Security

Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.

Affected Software

Name	Vendor	Start Version	End Version
Windows_2000	Microsoft	*	*
Windows_2003_server	Microsoft	enterprise (including)	enterprise (including)
Windows_2003_server	Microsoft	enterprise_64-bit (including)	enterprise_64-bit (including)
Windows_2003_server	Microsoft	r2 (including)	r2 (including)
Windows_2003_server	Microsoft	standard (including)	standard (including)
Windows_2003_server	Microsoft	web (including)	web (including)
Windows_nt	Microsoft	4.0 (including)	4.0 (including)
Windows_nt	Microsoft	4.0-sp1 (including)	4.0-sp1 (including)
Windows_nt	Microsoft	4.0-sp2 (including)	4.0-sp2 (including)
Windows_nt	Microsoft	4.0-sp3 (including)	4.0-sp3 (including)
Windows_nt	Microsoft	4.0-sp4 (including)	4.0-sp4 (including)
Windows_nt	Microsoft	4.0-sp5 (including)	4.0-sp5 (including)
Windows_nt	Microsoft	4.0-sp6 (including)	4.0-sp6 (including)
Windows_nt	Microsoft	4.0-sp6a (including)	4.0-sp6a (including)
Windows_xp	Microsoft	*	*

References

http://marc.info/?l=bugtraq\u0026m=107643836125615\u0026w=2
http://marc.info/?l=bugtraq\u0026m=107643892224825\u0026w=2
http://marc.info/?l=ntbugtraq\u0026m=107650972617367\u0026w=2
http://marc.info/?l=ntbugtraq\u0026m=107650972723080\u0026w=2
http://www.kb.cert.org/vuls/id/216324
http://www.kb.cert.org/vuls/id/583108
http://www.us-cert.gov/cas/techalerts/TA04-041A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-007
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A653
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A796
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A797
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A799
http://marc.info/?l=bugtraq\u0026m=107643836125615\u0026w=2
http://marc.info/?l=bugtraq\u0026m=107643892224825\u0026w=2
http://marc.info/?l=ntbugtraq\u0026m=107650972617367\u0026w=2
http://marc.info/?l=ntbugtraq\u0026m=107650972723080\u0026w=2
http://www.kb.cert.org/vuls/id/216324
http://www.kb.cert.org/vuls/id/583108
http://www.us-cert.gov/cas/techalerts/TA04-041A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-007
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A653
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A796
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A797
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A799

NVD	https://nvd.nist.gov/vuln/detail/CVE-2003-0818
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html