Microsoft Windows ASN.1 Library Bit String Processing Variant Heap Corruption Vulnerability

The Microsoft ASN.1 handling library has been reported prone to a heap corruption vulnerability. The issue presents itself in the ASN.1 bit string decoding routines, specifically the BERDecBitString() function. The issue manifests when the affected function attempts to process a constructed bit string that contains another nested constructed bit string.

This vulnerability is exposed in a number of security-related operating system components, including Kerberos (via UDP port 88), Microsoft IIS with SSL support enabled and NTLMv2 authentication (via TCP ports 135, 139 and 445). Other components may also be affected, though a comprehensive list is not available at this time. Client applications that use the library will be affected, including LSASS.EXE and CRYPT32.DLL (and any application that relies on CRYPT32.DLL). The vulnerable library is used frequently in components that handle certificates, such as Internet Explorer and Outlook. Handling of signed ActiveX components could also present an exposure.

It should be noted that because ASN.1 data will likely be wrapped in another encoding or protocol (for example Kerberos, SSL, IPSec or Base64), the malicious integer values may be obfuscated and, as a result, not easily detectable.
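An added example, not part of the original advisory or any vendor code: a Python scanner that walks BER data and reports the offset of any constructed BIT STRING (identifier octet 0x23) nested inside another one, the structure described above, with a helper for Base64-wrapped input. The function names and the two sample byte strings are constructed for illustration; data protected by Kerberos, SSL or IPSec has to be unwrapped before this check can see it.

```python
import base64

CBS_TAG = 0x23  # identifier octet: universal class, constructed, BIT STRING

def _header(buf, pos):
    """Parse a BER identifier and length: (ident, length or None, body_pos)."""
    ident, pos = buf[pos], pos + 1
    if ident & 0x1F == 0x1F:            # high-tag-number form: skip tag octets
        while buf[pos] & 0x80:
            pos += 1
        pos += 1
    first, pos = buf[pos], pos + 1
    if first <= 0x80:                   # short form; 0x80 alone is indefinite
        return ident, (None if first == 0x80 else first), pos
    n = first & 0x7F                    # long form: n length octets follow
    return ident, int.from_bytes(buf[pos:pos + n], "big"), pos + n

def _walk(buf, pos, end, in_bits, hits):
    """Walk the TLVs in buf[pos:end]; return the offset after the last one."""
    while pos < end:
        start = pos
        ident, length, pos = _header(buf, pos)
        if ident == 0 and length == 0:  # end-of-contents of an indefinite form
            return pos
        if ident == CBS_TAG and in_bits:
            hits.append(start)          # constructed BIT STRING inside another
        # Clamp to the parent so inconsistent lengths cannot derail the scan.
        body_end = end if length is None else min(pos + length, end)
        if ident & 0x20:                # constructed: contents are nested TLVs
            inner = _walk(buf, pos, body_end, in_bits or ident == CBS_TAG, hits)
            body_end = inner if length is None else body_end
        pos = body_end
    return pos

def nested_constructed_bitstrings(data):
    """Offsets of constructed BIT STRINGs nested in a constructed BIT STRING."""
    hits = []
    try:
        _walk(data, 0, len(data), False, hits)
    except (IndexError, RecursionError):
        pass                            # truncated or over-deep input: keep hits
    return hits

def scan_base64(text):                  # same check for Base64-wrapped ASN.1
    return nested_constructed_bitstrings(base64.b64decode(text))

# Constructed samples, well-formed lengths: SEQUENCE { BIT STRING { ... } }
FLAT = bytes.fromhex("300a23080302004103020042")
NESTED = bytes.fromhex("300c230a23040302004103020042")
```

The scanner does not descend into primitive BIT STRING or OCTET STRING contents, so ASN.1 encapsulated inside those has to be extracted and scanned separately.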

Issues related to this vulnerability were originally covered in BID 9626 and 9743; further information has been made available which identifies that this is a distinct vulnerability in the library, and so this specific issue has been assigned an individual BID.

** June 5, 2005 Update: An IRC bot style tool may be exploiting this vulnerability. This alert will be updated as further information becomes available.


Copyright 2010, SecurityFocus