Oval Definition:	oval:org.mitre.oval:def:797
Revision Date: 2011-05-16 Version: 48 Title: Windows XP ASN.1 Library Integer Overflow Vulnerabilities Description: Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings. Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2003-0818 Platform(s): Microsoft Windows XP Product(s): Microsoft ASN.1 Library Definition Synopsis a vulnerable version of msasn1.dll exists no service pack is installed and msasn1.dll is less than 5.1.2600.119 NOT Win2K/XP/2003 is patched AND the version of msasn1.dll is less than 5.1.2600.119 OR service pack 1 is installed and msasn1.dll is less than 5.1.2600.1274 Win2K/XP/2003/Vista service pack 1 is installed AND the version of msasn1.dll is less than 5.1.2600.1274 AND NOT the patch kb828028 is installed AND Windows XP (sp1 or earlier) is installed Windows XP is installed AND NOT Win2K/XP/2003 service pack 2 (or later) is installed
BACK