Microsoft Windows patch - Vulnerability Could Allow Code Execution

Posted on Wednesday, Feb 11 2004 @ 12:16 CET by LSDsmurf

Impact of vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Systems administrators should apply the update immediately.
security vulnerability exists in the Microsoft ASN.1 Library that could allow code execution on an affected system. The vulnerability is caused by an unchecked buffer in the Microsoft ASN.1 Library, which could result in a buffer overflow.

An attacker who successfully exploited this buffer overflow vulnerability could execute code with system privileges on an affected system. The attacker could then take any action on the system, including installing programs, viewing data, changing data, deleting data, or creating new accounts with full privileges.

Abstract Syntax Notation 1 (ASN.1) is a data standard that is used by many applications and devices in the technology industry for allowing the normalization and understanding of data across various platforms. More information about ASN.1 can be found in Microsoft Knowledge Base Article 252648.

Mitigating factors:
In the most likely exploitable scenario, an attacker would have to have direct access to the user's network.

Program Information

Category:
Patches and updates
Type:
Freeware


Version:
1.0
Size:
/
Works on:
Windows


Product page: here

Download: Microsoft Windows patch - Vulnerability Could Allow Code Execution



Loading Comments