CVE-2005-1935
Published Jun 13, 2005
Last updated 7 years ago
Overview
- Description
- Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this issue.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4E8B7346-F2AA-434C-A048-7463EC1BB117"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BE1A6107-DE00-4A1C-87FC-9E4015165B5B"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "330B6798-5380-44AD-9B52-DF5955FA832C"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D2CA1674-A8A0-479A-9D80-344D3C563A24"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4E7FD818-322D-4089-A644-360C33943D29"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BCC5E316-FB61-408B-BAA2-7FE03D581250"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "90CFA69B-7814-4F97-A14D-D76310065CF3"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB6ADBAF-6EB0-4CFA-9D33-A814AC20484E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "580B0C9B-DD85-40FA-9D37-BAC0C96D57FC"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B3BBBB2E-1699-4E1E-81BB-7A394DD6B31D"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B9687E6C-EDE9-42E4-93D0-C4144FEC917A"
}
],
"operator": "OR"
}
]
}
]