CVE-2005-1935

Published: Jun 13, 2005Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this issue.

Affected (12)

Products: Microsoft: Windows 2000, Windows 2003 Server, Windows Nt, Windows Xp

4 products

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 2000	All versions
Microsoft Windows 2000	All versions
Microsoft Windows 2000	All versions
Microsoft Windows 2003 Server	Version 64-bit
Microsoft Windows 2003 Server	Version r2
Microsoft Windows Nt	Version 4.0 sp6
Microsoft Windows Nt	Version 4.0 sp6a
Microsoft Windows Nt	Version 4.0 sp6a
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

References (4)

http://www.phreedom.org/solar/exploits/msasn1-bitstring/

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/20870

Source: cve@mitre.org

http://www.phreedom.org/solar/exploits/msasn1-bitstring/

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/20870

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.