Vulnerability Name: CVE-2003-0818 (CCN-15039)
Assigned: 2004-02-10
Published: 2004-02-10
Updated: 2019-04-30
Summary: Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.

CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): Low
  Integrity (I): Low
  Availability (A): Low

CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial

Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access

References:
  Source: MITRE; Type: CNA; CVE-2003-0818
  Source: BUGTRAQ; Type: UNKNOWN; 20040210 EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
  Source: BUGTRAQ; Type: UNKNOWN; 20040210 EEYE: Microsoft ASN.1 Library Bit String Heap Corruption
  Source: NTBUGTRAQ; Type: UNKNOWN; 20040210 EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
  Source: NTBUGTRAQ; Type: UNKNOWN; 20040210 EEYE: Microsoft ASN.1 Library Bit String Heap Corruption
  Source: CCN; Type: US-CERT VU#216324; Microsoft ASN.1 Library improperly decodes malformed ASN.1 length values
  Source: CERT-VN; Type: Third Party Advisory, US Government Resource; VU#216324
  Source: CCN; Type: US-CERT VU#583108; Microsoft ASN.1 Library improperly decodes constructed bit strings
  Source: CERT-VN; Type: US Government Resource; VU#583108
  Source: CCN; Type: Microsoft Security Bulletin MS04-007; ASN.1 Vulnerability that Could Allow Code Execution (828028)
  Source: CCN; Type: Microsoft Security Bulletin MS04-011; Security Update for Microsoft Windows (835732)
  Source: CCN; Type: UNIRAS (UK Govt CERT) ALERT - 04/04 dated 11.02.04 Time: 11:50; NISCC Assessment of Microsoft ASN.1 Library Vulnerabilities
  Source: CCN; Type: UNIRAS (UK Govt CERT) Briefing Notice - 75/04 dated 14.02.04 Time: 19:50; Exploit code for Microsoft Windows ASN.1 Vulnerabilities
  Source: CCN; Type: BID-13300; Microsoft Windows ASN.1 Library Bit String Processing Variant Heap Corruption Vulnerability
  Source: CCN; Type: BID-9633; Microsoft ASN.1 Library Length Integer Mishandling Memory Corruption Vulnerability
  Source: CCN; Type: BID-9635; Microsoft Windows ASN.1 Library Bit String Processing Integer Handling Vulnerability
  Source: CCN; Type: BID-9660; Microsoft IIS Unspecified Remote Denial Of Service Vulnerability
  Source: CCN; Type: BID-9743; Microsoft ASN.1 Library Multiple Stack-Based Buffer Overflow Vulnerabilities
  Source: CCN; Type: Technical Cyber Security Alert TA04-041A; Multiple Vulnerabilities in Microsoft ASN.1 Library
  Source: CERT; Type: US Government Resource; TA04-041A
  Source: CCN; Type: Internet Security Systems Security Alert, February 11, 2004; Microsoft ASN.1 Integer Manipulation Vulnerabilities
  Source: MS; Type: UNKNOWN; MS04-007
  Source: XF; Type: UNKNOWN; win-asn1-library-bo(15039)
  Source: OVAL; Type: UNKNOWN; oval:org.mitre.oval:def:653
  Source: OVAL; Type: UNKNOWN; oval:org.mitre.oval:def:796
  Source: OVAL; Type: UNKNOWN; oval:org.mitre.oval:def:797
  Source: OVAL; Type: UNKNOWN; oval:org.mitre.oval:def:799

Vulnerable Configuration:
Configuration 1:
  cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  OR cpe:/o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
  OR cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  OR cpe:/o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
  OR cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
  OR cpe:/o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
  OR cpe:/o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
  OR cpe:/o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
  OR cpe:/o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
  OR cpe:/o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*
  OR cpe:/o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*
  OR cpe:/o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*
  OR cpe:/o:microsoft:windows_nt:4.0:sp1:*:*:server:*:x86:*
  OR cpe:/o:microsoft:windows_nt:4.0:sp1:*:*:terminal_server:*:x86:*
  OR cpe:/o:microsoft:windows_nt:4.0:sp1:*:*:workstation:*:x86:*
  OR cpe:/o:microsoft:windows_nt:4.0:sp2:*:*:server:*:x86:*
  OR cpe:/o:microsoft:windows_nt:4.0:sp2:*:*:terminal_server:*:x86:*
  OR cpe:/o:microsoft:windows_nt:4.0:sp2:*:*:workstation:*:x86:*
  OR cpe:/o:microsoft:windows_nt:4.0:sp3:*:*:server:*:x86:*
  OR cpe:/o:microsoft:windows_nt:4.0:sp3:*:*:terminal_server:*:x86:*
  OR cpe:/o:microsoft:windows_nt:4.0:sp3:*:*:workstation:*:x86:*
  OR cpe:/o:microsoft:windows_nt:4.0:sp4:*:*:server:*:x86:*
  OR cpe:/o:microsoft:windows_nt:4.0:sp4:*:*:terminal_server:*:x86:*
  OR cpe:/o:microsoft:windows_nt:4.0:sp4:*:*:workstation:*:x86:*
  OR cpe:/o:microsoft:windows_nt:4.0:sp5:*:*:server:*:x86:*
  OR cpe:/o:microsoft:windows_nt:4.0:sp5:*:*:terminal_server:*:x86:*
  OR cpe:/o:microsoft:windows_nt:4.0:sp5:*:*:workstation:*:x86:*
  OR cpe:/o:microsoft:windows_nt:4.0:sp6:*:*:server:*:x86:*
  OR cpe:/o:microsoft:windows_nt:4.0:sp6:*:*:terminal_server:*:x86:*
  OR cpe:/o:microsoft:windows_nt:4.0:sp6:*:*:workstation:*:x86:*
  OR cpe:/o:microsoft:windows_nt:4.0:sp6a:*:*:server:*:x86:*
  OR cpe:/o:microsoft:windows_nt:4.0:sp6a:*:*:workstation:*:x86:*
  OR cpe:/o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
  OR cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:*
  OR cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
  OR cpe:/o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
  OR cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
Configuration CCN 1:
  cpe:/o:microsoft:windows:xp:*:*:*:*:*:*:*
  OR cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  OR cpe:/o:microsoft:windows_xp:*:sp1:*:*:*:*:*:*
  OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  OR cpe:/o:microsoft:windows_xp:*:*:*:*:*:*:x64:*
  OR cpe:/o:microsoft:windows:2003_server:*:*:*:*:*:*:*
  OR cpe:/o:microsoft:windows_xp:*:sp1:*:*:*:*:x64:*
  AND cpe:/o:microsoft:windows:2003_server:*:x64:*:*:*:*:*

Vulnerability Name: CVE-2003-0818 (CCN-27832)
Assigned: 2004-02-10
Published: 2004-02-10
Updated: 2019-04-30
Summary: Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.

CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Changed
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): High
  Availability (A): High

CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): Complete
  Availability (A): Complete

Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access

References:
  Source: MITRE; Type: CNA; CVE-2003-0818
  Source: CCN; Type: US-CERT VU#216324; Microsoft ASN.1 Library improperly decodes malformed ASN.1 length values
  Source: CCN; Type: US-CERT VU#583108; Microsoft ASN.1 Library improperly decodes constructed bit strings
  Source: CCN; Type: Microsoft Security Bulletin MS04-007; ASN.1 Vulnerability that Could Allow Code Execution (828028)
  Source: CCN; Type: Microsoft Security Bulletin MS04-011; Security Update for Microsoft Windows (835732)
  Source: CCN; Type: UNIRAS (UK Govt CERT) ALERT - 04/04 dated 11.02.04 Time: 11:50; NISCC Assessment of Microsoft ASN.1 Library Vulnerabilities
  Source: CCN; Type: UNIRAS (UK Govt CERT) Briefing Notice - 75/04 dated 14.02.04 Time: 19:50; Exploit code for Microsoft Windows ASN.1 Vulnerabilities
  Source: CCN; Type: BID-13300; Microsoft Windows ASN.1 Library Bit String Processing Variant Heap Corruption Vulnerability
  Source: CCN; Type: BID-9633; Microsoft ASN.1 Library Length Integer Mishandling Memory Corruption Vulnerability
  Source: CCN; Type: BID-9635; Microsoft Windows ASN.1 Library Bit String Processing Integer Handling Vulnerability
  Source: CCN; Type: BID-9743; Microsoft ASN.1 Library Multiple Stack-Based Buffer Overflow Vulnerabilities
  Source: CCN; Type: Technical Cyber Security Alert TA04-041A; Multiple Vulnerabilities in Microsoft ASN.1 Library
  Source: CCN; Type: Internet Security Systems Security Alert, February 11, 2004; Microsoft ASN.1 Integer Manipulation Vulnerabilities
  Source: XF; Type: UNKNOWN; win-asn1-http-bo(27832)

microsoft windows 2000 *
microsoft windows 2000 * sp1
microsoft windows 2000 * sp2
microsoft windows 2000 * sp3
microsoft windows 2003 server enterprise
microsoft windows 2003 server enterprise_64-bit
microsoft windows 2003 server r2
microsoft windows 2003 server r2
microsoft windows 2003 server standard
microsoft windows 2003 server web
microsoft windows nt 4.0
microsoft windows nt 4.0
microsoft windows nt 4.0
microsoft windows nt 4.0 sp1
microsoft windows nt 4.0 sp1
microsoft windows nt 4.0 sp1
microsoft windows nt 4.0 sp2
microsoft windows nt 4.0 sp2
microsoft windows nt 4.0 sp2
microsoft windows nt 4.0 sp3
microsoft windows nt 4.0 sp3
microsoft windows nt 4.0 sp3
microsoft windows nt 4.0 sp4
microsoft windows nt 4.0 sp4
microsoft windows nt 4.0 sp4
microsoft windows nt 4.0 sp5
microsoft windows nt 4.0 sp5
microsoft windows nt 4.0 sp5
microsoft windows nt 4.0 sp6
microsoft windows nt 4.0 sp6
microsoft windows nt 4.0 sp6
microsoft windows nt 4.0 sp6a
microsoft windows nt 4.0 sp6a
microsoft windows xp *
microsoft windows xp *
microsoft windows xp * gold
microsoft windows xp * sp1
microsoft windows xp * sp1
microsoft windows xp
microsoft windows 2000 * sp2
microsoft windows 2000 * sp3
microsoft windows xp * sp1
microsoft windows 2000 * sp4
microsoft windows xp *
microsoft windows 2003_server
microsoft windows xp * sp1
microsoft windows 2003_server