CVE-2005-1935

Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this issue.

Published: Jun 13, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-1935
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / windows_2003_server	64-bit	64-bit.x
microsoft / windows_nt	4.0-sp6a	4.0-sp6a.x
microsoft / windows_nt	4.0-sp6	4.0-sp6.x
microsoft / windows_xp	-	-
microsoft / windows_2000	-	-
microsoft / windows_2003_server	r2	r2.x

http://www.phreedom.org/solar/exploits/msasn1-bitstring/
https://exchange.xforce.ibmcloud.com/vulnerabilities/20870

Vulnerability Database

289,599

CVE-2005-1935