Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this issue.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Microsoft ASN.1 library 'BERDecBitString'函数 堆缓冲区溢出漏洞
Vulnerability Description
Microsoft ASN.1 library (MSASN1.DLL)的BERDecBitString函数存在堆缓冲区溢出漏洞,远程攻击者可使用嵌套结构化位串,导致对一个非空指针重新分配内存(realloc函数),并利用此函数覆盖指针以前指向的内存,从而执行任意代码。比如HTTP验证中使用带有结构化位串的SPNEGO令牌。
CVSS Information
N/A
Vulnerability Type
N/A