Vulnerabilities > CVE-2005-1935 - Unspecified vulnerability in Microsoft products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this issue.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 12 |
Seebug
bulletinFamily exploit description No description provided by source. id SSV:64363 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-64363 title MS Windows ASN.1 - Remote Exploit (MS04-007) bulletinFamily exploit description No description provided by source. id SSV:8594 last seen 2017-11-19 modified 2008-06-05 published 2008-06-05 reporter Root source https://www.seebug.org/vuldb/ssvid-8594 title MS Windows ASN.1 Remote Exploit (MS04-007)