US-CERT Alert: Exploitation of Microsoft ASN.1 Vulnerabilities

MS04-007 explains how an attacker could exploit these vulnerabilities:

"Because ASN.1 is a standard for many applications and devices, there are many potential attack vectors. To successfully exploit this vulnerability, an attacker must force a computer to decode malformed ASN.1 data. For example, when using authentication protocols based on ASN.1 it could be possible to construct a malformed authentication request that could expose this vulnerability."

It is possible that these attacks target Secure Sockets Layer (SSL) or other cryptographic authentication capabilities in Microsoft Internet Information Server (IIS). In addition, a number of exploit tools now include functionality to take advantage of these vulnerabilities.

More information about these vulnerabilities is available in the following US-CERT Vulnerability Notes:

VU#216324 - Microsoft ASN.1 Library improperly decodes malformed ASN.1 length values
VU#583108 - Microsoft ASN.1 Library improperly decodes constructed bit strings

Microsoft has released a patch to address these vulnerabilities in Microsoft Security Bulletin MS04-007.

Source: US-CERT
Source: Wired News
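
VU#216324 concerns malformed ASN.1 length values. As an added example (not part of the alert, not Microsoft's code, and not a description of the specific flaw), the C function below shows the checks a strict DER decoder applies to a length field before trusting it. The function name, result codes, single-octet tag and 4-octet length cap are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes: names chosen for this example. */
enum { DER_OK = 0, DER_TRUNCATED = -1, DER_INDEFINITE = -2,
       DER_TOO_LONG = -3, DER_NON_MINIMAL = -4, DER_OVERRUN = -5 };

/* Validate the length field of one TLV starting at buf[0] (single-octet tag
 * assumed). On DER_OK, *hdr is the header size, *len the content size, and
 * *hdr + *len <= n is guaranteed. */
int der_read_length(const uint8_t *buf, size_t n, size_t *hdr, size_t *len)
{
    size_t value = 0, used = 2;

    if (n < 2) return DER_TRUNCATED;
    if (buf[1] < 0x80) {
        value = buf[1];                           /* short form: 0..127 */
    } else {
        size_t count = buf[1] & 0x7f;             /* number of length octets */
        if (count == 0) return DER_INDEFINITE;    /* 0x80 is BER-only */
        if (count > 4) return DER_TOO_LONG;       /* example policy: 32-bit cap */
        if (count > n - 2) return DER_TRUNCATED;  /* length octets missing */
        if (buf[2] == 0) return DER_NON_MINIMAL;  /* leading zero octet */
        for (size_t i = 0; i < count; i++)
            value = (value << 8) | buf[2 + i];
        if (value < 0x80) return DER_NON_MINIMAL; /* short form was required */
        used += count;
    }
    /* Compare with the bytes that remain; never compute buf + value first,
     * since a huge attacker-chosen value could wrap that sum. */
    if (value > n - used) return DER_OVERRUN;
    *hdr = used;
    *len = value;
    return DER_OK;
}

int main(void)
{
    /* Constructed sample: OCTET STRING claiming 0xFFFFFFFF content bytes. */
    const uint8_t bad[] = { 0x04, 0x84, 0xff, 0xff, 0xff, 0xff };
    size_t hdr = 0, len = 0;
    printf("result: %d\n", der_read_length(bad, sizeof bad, &hdr, &len));
    return 0;
}
```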