Vulnerabilities > CVE-2005-1935 - Remote Security vulnerability in Windows NT Terminal Server

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

microsoft

NVD

Published: 2005-06-13

Updated: 2017-07-11

Summary

Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this issue.

Vulnerable Configurations

Part	Description	Count
OS	Microsoft Microsoft Windows 2000 * Microsoft Windows 2003 Server 64-Bit Microsoft Windows 2003 Server R2 Microsoft Windows NT 4.0 Microsoft Windows XP *	12

Seebug

bulletinFamily	exploit
description	No description provided by source.
id	SSV:64363
last seen	2017-11-19
modified	2014-07-01
published	2014-07-01
reporter	Root
source	https://www.seebug.org/vuldb/ssvid-64363
title	MS Windows ASN.1 - Remote Exploit (MS04-007)

bulletinFamily	exploit
description	No description provided by source.
id	SSV:8594
last seen	2017-11-19
modified	2008-06-05
published	2008-06-05
reporter	Root
source	https://www.seebug.org/vuldb/ssvid-8594
title	MS Windows ASN.1 Remote Exploit (MS04-007)

Summary

Vulnerable Configurations

Seebug

References