CVE-2005-1935

2005-06-1304:00:00

[email protected]

web.nvd.nist.gov

cve-2005-1935

msasn1.dll

remote code execution

buffer overflow

spnego

http authentication

ms:ms04-007 fix

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.974 High

EPSS

Percentile

99.9%

JSON

Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this issue.

Affected configurations

NVD

Node

microsoftwindows_2000sp2

microsoftwindows_2000sp3

microsoftwindows_2000sp4fr

microsoftwindows_2003_serverMatch64-bit

microsoftwindows_2003_serverMatchr2

microsoftwindows_ntMatch4.0sp6terminal_server

microsoftwindows_ntMatch4.0sp6aserver

microsoftwindows_ntMatch4.0sp6aworkstation

microsoftwindows_xp64-bit

microsoftwindows_xpgold

microsoftwindows_xpsp164-bit

microsoftwindows_xpsp1tablet_pc

CPENameOperatorVersion
microsoft:windows_2000microsoft windows 2000eq*
microsoft:windows_2003_servermicrosoft windows 2003 servereq64-bit
microsoft:windows_2003_servermicrosoft windows 2003 servereqr2
microsoft:windows_ntmicrosoft windows nteq4.0
microsoft:windows_xpmicrosoft windows xpeq*

CPE	Name	Operator	Version
microsoft:windows_2000	microsoft windows 2000	eq	*
microsoft:windows_2003_server	microsoft windows 2003 server	eq	64-bit
microsoft:windows_2003_server	microsoft windows 2003 server	eq	r2
microsoft:windows_nt	microsoft windows nt	eq	4.0
microsoft:windows_xp	microsoft windows xp	eq	*