{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-02-10T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "VU#583108", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/583108"}, {"name": "TA04-041A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA04-041A.html"}, {"name": "oval:org.mitre.oval:def:653", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A653"}, {"name": "20040210 EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=107643836125615&w=2"}, {"name": "20040210 EEYE: Microsoft ASN.1 Library Bit String Heap Corruption", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=107643892224825&w=2"}, {"name": "oval:org.mitre.oval:def:799", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A799"}, {"name": "oval:org.mitre.oval:def:796", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A796"}, {"name": "VU#216324", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/216324"}, {"name": "MS04-007", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-007"}, {"name": "20040210 EEYE: Microsoft ASN.1 Library Bit String Heap Corruption", "tags": ["mailing-list", "x_refsource_NTBUGTRAQ"], "url": "http://marc.info/?l=ntbugtraq&m=107650972723080&w=2"}, {"name": "20040210 EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption", "tags": ["mailing-list", "x_refsource_NTBUGTRAQ"], "url": "http://marc.info/?l=ntbugtraq&m=107650972617367&w=2"}, {"name": "oval:org.mitre.oval:def:797", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A797"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0818", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "VU#583108", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/583108"}, {"name": "TA04-041A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA04-041A.html"}, {"name": "oval:org.mitre.oval:def:653", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A653"}, {"name": "20040210 EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=107643836125615&w=2"}, {"name": "20040210 EEYE: Microsoft ASN.1 Library Bit String Heap Corruption", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=107643892224825&w=2"}, {"name": "oval:org.mitre.oval:def:799", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A799"}, {"name": "oval:org.mitre.oval:def:796", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A796"}, {"name": "VU#216324", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/216324"}, {"name": "MS04-007", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-007"}, {"name": "20040210 EEYE: Microsoft ASN.1 Library Bit String Heap Corruption", "refsource": "NTBUGTRAQ", "url": "http://marc.info/?l=ntbugtraq&m=107650972723080&w=2"}, {"name": "20040210 EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption", "refsource": "NTBUGTRAQ", "url": "http://marc.info/?l=ntbugtraq&m=107650972617367&w=2"}, {"name": "oval:org.mitre.oval:def:797", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A797"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T02:05:12.559Z"}, "title": "CVE Program Container", "references": [{"name": "VU#583108", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/583108"}, {"name": "TA04-041A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA04-041A.html"}, {"name": "oval:org.mitre.oval:def:653", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A653"}, {"name": "20040210 EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=107643836125615&w=2"}, {"name": "20040210 EEYE: Microsoft ASN.1 Library Bit String Heap Corruption", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=107643892224825&w=2"}, {"name": "oval:org.mitre.oval:def:799", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A799"}, {"name": "oval:org.mitre.oval:def:796", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A796"}, {"name": "VU#216324", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/216324"}, {"name": "MS04-007", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-007"}, {"name": "20040210 EEYE: Microsoft ASN.1 Library Bit String Heap Corruption", "tags": ["mailing-list", "x_refsource_NTBUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=ntbugtraq&m=107650972723080&w=2"}, {"name": "20040210 EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption", "tags": ["mailing-list", "x_refsource_NTBUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=ntbugtraq&m=107650972617367&w=2"}, {"name": "oval:org.mitre.oval:def:797", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A797"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0818", "datePublished": "2004-02-11T05:00:00", "dateReserved": "2003-09-18T00:00:00", "dateUpdated": "2024-08-08T02:05:12.559Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "294EBA01-147B-4DA0-937E-ACBB655EDE53", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4E8B7346-F2AA-434C-A048-7463EC1BB117", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "BE1A6107-DE00-4A1C-87FC-9E4015165B5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*", "matchCriteriaId": "E69D0E21-8C62-403E-8097-2CA403CBBB1B", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*", "matchCriteriaId": "B127407D-AE50-4AFE-A780-D85B5AF44A2D", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*", "matchCriteriaId": "5D42E51C-740A-4441-8BAF-D073111B984C", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*", "matchCriteriaId": "34ACB544-87DD-4D9A-99F0-A10F48C1EE05", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*", "matchCriteriaId": "74AD256D-4BCE-41FB-AD73-C5C63A59A06D", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*", "matchCriteriaId": "B518E945-5FDE-4A37-878D-6946653C91F7", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*", "matchCriteriaId": "7C5FCE82-1E2F-49B9-B504-8C03F2BCF296", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*", "matchCriteriaId": "6E7E6AD3-5418-4FEA-84B5-833059CA880D", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*", "matchCriteriaId": "35346A7B-2CB5-446D-B0C3-1F21D71A746D", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*", "matchCriteriaId": "089A953C-8446-4E6F-B506-430C38DF37B1", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*", "matchCriteriaId": "EA262C44-C0E6-493A-B8E5-4D26E4013226", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*", "matchCriteriaId": "416F06DD-980E-4A54-822D-CBA499FD1F86", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*", "matchCriteriaId": "656AE014-AEEC-46E8-A696-61FEA7932F21", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*", "matchCriteriaId": "EB519FE0-9E7D-4E71-8873-356C9D7CEAB5", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*", "matchCriteriaId": "A08D0EA1-DA1B-4C52-883A-3F156F032517", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*", "matchCriteriaId": "93BA426E-DD51-44AC-BE78-3164670FF9E1", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*", "matchCriteriaId": "224F8968-9F4C-4727-AAA3-61F5578EF54C", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*", "matchCriteriaId": "02BE9817-E1AE-4619-8302-CA7AA4167F48", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*", "matchCriteriaId": "FBBBF25A-709B-4716-9894-AD82180091AD", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*", "matchCriteriaId": "407DA6E8-0832-49FE-AE14-35C104C237EC", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*", "matchCriteriaId": "88B70B7A-5BCC-4626-AAC7-D1ACFF25D66E", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*", "matchCriteriaId": "82781A72-A34F-4668-9EE8-C203B04E3367", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*", "matchCriteriaId": "AFE612D2-DF38-404F-AED1-B8C9C24012DE", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*", "matchCriteriaId": "12ED7363-6EEE-4688-A9B7-C5EB1107A7B4", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*", "matchCriteriaId": "BCDFDBBA-6C4F-472A-9F4F-461C424794E7", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*", "matchCriteriaId": "BCC5E316-FB61-408B-BAA2-7FE03D581250", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*", "matchCriteriaId": "EDDD8DA8-D074-4543-AEDF-F856B5567F21", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*", "matchCriteriaId": "90CFA69B-7814-4F97-A14D-D76310065CF3", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*", "matchCriteriaId": "AB6ADBAF-6EB0-4CFA-9D33-A814AC20484E", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "matchCriteriaId": "4BF263CB-4239-4DB0-867C-9069ED02CAD7", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*", "matchCriteriaId": "B3BBBB2E-1699-4E1E-81BB-7A394DD6B31D", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "matchCriteriaId": "49693FA0-BF34-438B-AFF2-75ACC8A6D2E6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de enteros en la librer\u00eda ASN.1 de Microsoft (MSASN1.DLL), usada en LSASS.EXE, CRYPT32.DLL, y otros ejecutables de Microsoft y librer\u00edas en Windows NT/2000/XP, permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante codificaciones ASN.1 BER con campos de longitud muy largos que hace que se sobreescriban datos arbitrarios del mont\u00f3n."}], "id": "CVE-2003-0818", "lastModified": "2019-04-30T14:27:13.710", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-03-03T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=107643836125615&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=107643892224825&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=ntbugtraq&m=107650972617367&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=ntbugtraq&m=107650972723080&w=2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/216324"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/583108"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA04-041A.html"}, {"source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-007"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A653"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A796"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A797"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A799"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}