• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft ASN.1 Library Double Free Memory Corruption Vulnerability

It has been reported that Microsoft ASN.1 library is prone to a double free heap memory corruption vulnerability that may allow a remote attacker to execute arbitrary code on a vulnerable system.

Exploitation of this issue is likely to cause a denial of service condition due to the unique layout of memory structures in affected systems, however, it is possible to leverage this issue via arbitrary code execution to gain system level privileges on a system.

This vulnerability only affects systems that have installed the patch (MS04-007) for BID 9743 (Microsoft ASN.1 Library Multiple Stack-Based Buffer Overflow Vulnerabilities).