Windows CE Abstract Syntax Notation One Library Integer Overflow Vulnerability

Windows CE Abstract Syntax Notation One Library Integer Overflow Vulnerability

Windows CE ASN.1 is prone to an integer-overflow vulnerability because it fails to prevent an arithmetic operation from wrapping around an integer value. This condition will cause the affected library to later allocate an insuficiently sized memory buffer, resulting in a buffer overflow.

A remote attacker can exploit this issue to execute arbitrary code in the context of applications using the affected library. Failed exploit attempts will likely result in denial-of-service conditions.

Microsoft Windows CE 4.2 is vulnerable to this issue.