Intrusion Prevention

MS.Windows.ASN.1.Bitstring.Heap.Overflow

Description

This indicates an attack attempt against a vulnerability in the Microsoft ASN.1 library.
The vulnerability is in MSASN1.DLL, which is part of the ASN.1 library. It is due to the software's inabiity to properly handle nested constructed bit strings. It may allow remote attackers to execute arbitrary code via specially crafted ASN.1 BER encodings.

Affected Products

Microsoft, Windows NT, Workstation 4.0 SP6a
Microsoft, Windows 2000, Service Pack 2
Microsoft, Windows 2000, Service Pack 3
Microsoft, Windows 2000, Service Pack 4, FR
Microsoft, Windows XP, Gold
Microsoft, Windows XP, Service Pack 1, Tablet PC
Microsoft, Windows XP, 64-bit
Microsoft, Windows XP, 64-bit, Service Pack 1
Microsoft, Windows XP, 64-bit Version 2003, Service Pack 1
Microsoft, Windows Server 2003, Release 2
Microsoft, Windows Server 2003, 64-bit
Microsoft, Windows NT, Server 4.0 SP6a
Microsoft, Windows NT, Terminal Server 4.0 SP6

Impact

System compromise: Remote code execution.

Recommended Actions

Apply corresponding patches.
Microsoft Windows 2000 Server SP2:
* Microsoft Security Update for Windows 2000: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=191853C4-A4D2 -4797-A8C6-A2E663A53698&displaylang=en
Microsoft Windows 2000 Advanced Server SP2:
* Microsoft Security Update for Windows 2000: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=191853C4-A4D2 -4797-A8C6-A2E663A53698&displaylang=en
Microsoft Windows Server 2003 Enterprise Edition Itanium 0:
* Microsoft Security Upd for Windows Server 2003 64-bit Edition/Windows XP 64-bit Edition Version 2003:KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=FA280168-66E1 -4B5F-958F-E178C3F61F7C&displaylang=en
Microsoft Windows Server 2003 Standard Edition:
* Microsoft Security Update for Windows Server 2003: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=3D7FFFF9-A497 -42FF-90E7-283732B2E117&displaylang=en
Microsoft Windows XP Professional:
* Microsoft Security Update for Windows XP: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=0CC30297-D4AE -48E9-ACD0-1343D89CCBBA&displaylang=en
Microsoft Windows Server 2003 Datacenter Edition Itanium 0:
* Microsoft Security Upd for Windows Server 2003 64-bit Edition/Windows XP 64-bit Edition Version 2003:KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=FA280168-66E1 -4B5F-958F-E178C3F61F7C&displaylang=en
Microsoft Windows XP 64-bit Edition SP1:
* Microsoft Security Update for Windows XP 64-Bit Edition: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=383C397F-9318 -4AD5-9C2C-0577118A1E68&displaylang=en
Microsoft Windows Server 2003 Datacenter Edition:
* Microsoft Security Update for Windows Server 2003: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=3D7FFFF9-A497 -42FF-90E7-283732B2E117&displaylang=en
Microsoft Windows 2000 Advanced Server SP4:
* Microsoft Security Update for Windows 2000: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=191853C4-A4D2 -4797-A8C6-A2E663A53698&displaylang=en
Microsoft Windows 2000 Professional SP3:
* Microsoft Security Update for Windows 2000: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=191853C4-A4D2 -4797-A8C6-A2E663A53698&displaylang=en
Microsoft Windows Server 2003 Enterprise Edition:
* Microsoft Security Update for Windows Server 2003: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=3D7FFFF9-A497 -42FF-90E7-283732B2E117&displaylang=en
Microsoft Windows 2000 Professional SP2:
* Microsoft Security Update for Windows 2000: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=191853C4-A4D2 -4797-A8C6-A2E663A53698&displaylang=en
Microsoft Windows Server 2003 Web Edition:
* Microsoft Security Update for Windows Server 2003: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=3D7FFFF9-A497 -42FF-90E7-283732B2E117&displaylang=en
Microsoft Windows 2000 Advanced Server SP3:
* Microsoft Security Update for Windows 2000: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=191853C4-A4D2 -4797-A8C6-A2E663A53698&displaylang=en
Microsoft Windows XP Home:
* Microsoft Security Update for Windows XP: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=0CC30297-D4AE -48E9-ACD0-1343D89CCBBA&displaylang=en
Microsoft Windows XP Home SP1:
* Microsoft Security Update for Windows XP: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=0CC30297-D4AE -48E9-ACD0-1343D89CCBBA&displaylang=en
Microsoft Windows XP 64-bit Edition Version 2003 SP1:
* Microsoft Security Upd for Windows Server 2003 64-bit Edition/Windows XP 64-bit Edition Version 2003:KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=FA280168-66E1 -4B5F-958F-E178C3F61F7C&displaylang=en
Microsoft Windows 2000 Server SP3:
* Microsoft Security Update for Windows 2000: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=191853C4-A4D2 -4797-A8C6-A2E663A53698&displaylang=en
Microsoft Windows XP 64-bit Edition Version 2003:
* Microsoft Security Upd for Windows Server 2003 64-bit Edition/Windows XP 64-bit Edition Version 2003:KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=FA280168-66E1 -4B5F-958F-E178C3F61F7C&displaylang=en
Microsoft Windows XP 64-bit Edition:
* Microsoft Security Update for Windows XP 64-Bit Edition: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=383C397F-9318 -4AD5-9C2C-0577118A1E68&displaylang=en
Microsoft Windows NT Server 4.0 SP6a:
* Microsoft Security Update for Windows NT Server 4.0: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=E8315430-90CD -4B20-8F54-58527932B588&displaylang=en
Microsoft Windows NT Terminal Server 4.0 SP6:
* Microsoft Security Update for Windows NT Server Terminal Server Edition: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=D83B39D3-FF13 -4D0B-B406-A225AED0D659&displaylang=en
Microsoft Windows NT Workstation 4.0 SP6a:
* Microsoft Security Update for Windows NT Workstation 4.0: KB828028
http://www.microsoft.com/downloads/details.aspx?FamilyId=92400199-B3D5 -4826-98D4-F134849F5249&displaylang=en

CVE References

CVE-2005-1935