Technology, Support, and News Forum

[ODiaz86 Profile WebsiteICQYIM]

SECURITY UPDATE
ASN.1 Vulnerability Could Allow Code Execution
11 February 2004
Severity Rating: Critical

Risk Impact:
Remote code execution

Affected Software:
Microsoft Windows XP (XP, XP 64-bit edition and XP 64-bit edition 2003), Windows 2000, Windows NT (Workstation 4.0, Server 4.0 and Server 4.0 Terminal Server Edition) and Windows Server 2003 (2003 and 64-bit edition).

Details:
This vulnerability is caused by unchecked buffer in Microsoft ASN.1 Library which results in buffer overflow. An attacker which exploit this vulnerability could execute code with system privileges on an affected system. The attacker can take any action on the system, including installing programs, viewing data, changing data, deleting data and creating new accounts with full privileges. This vulnerability could also be exploited by an internet worm, including the recent Blast worm (also known as MSBlast).

Patch Availability:

http://www.microsoft.com/technet/

Please visit this page and select the correct version of Windows for the security patch.
Please visit the source for details of patches.

Microsoft Security Bulletin MS04-007, Sophos and eEye Digital Security.

[MinusDriver Profile Website]

You can also go here for more info: Click Here