Oval Definition:oval:org.mitre.oval:def:1007
Revision Date:2011-05-16Version:48
Title:Windows XP ASN.1 Library Double-free Memory Corruption Vulnerability
Description:Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2004-0123
Platform(s):Microsoft Windows XP
Product(s):Microsoft ASN.1 Library
Definition Synopsis
  • a vulnerable version of msasn1.dll exists
  • 32-bit version of Windows and a vulnerable version of msasn1.dll exists
  • 32-Bit version of Windows is installed
  • AND a vulnerable version of msasn1.dll exists depending on service pack level
  • no service pack is installed and msasn1.dll is less than 5.1.2600.137
  • NOT Win2K/XP/2003 is patched
  • AND the version of msasn1.dll is less than 5.1.2600.137
  • OR service pack 1 is installed and msasn1.dll is less than 5.1.2600.1362
  • Win2K/XP/2003/Vista service pack 1 is installed
  • AND the version of msasn1.dll is less than 5.1.2600.1362
  • OR 64-bit version of Windows and msasn1.dll is less than 5.1.2600.1362
  • a version of Windows for the ia64 architecture is installed
  • AND the version of msasn1.dll is less than 5.1.2600.1362
  • AND NOT the patch kb835732 is installed
  • AND Windows XP (sp1 or earlier) is installed
  • Windows XP is installed
  • AND NOT Win2K/XP/2003 service pack 2 (or later) is installed
    • BACK