HTTP: IIS Malformed ASN.1 Bit String

This signature detects attempts to exploit vulnerabilities in Microsoft Internet Information Server (IIS). The Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, contains multiple integer overflows. Attackers can use ASN.1 encoding to overwrite heap data and remotely execute arbitrary code on the target system.

Extended Description

Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.

Affected Products

Microsoft windows_2000

Short Name
HTTP:IIS:ASN.1-BIT-STRING
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
ASN.1 Bit CVE-2003-0818 IIS Malformed String bid:9633
Release Date
02/22/2005
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3761
False Positive
Frequently
Vendors

Microsoft

CVSS Score

7.5
