CVE-2003-0818

CVE Database · CVE-2003-0818

CVE-2003-0818

· N/AModified

CVSS v3.1

N/A

EPSS

82.24%

Published

Mar 3, 2004

Modified

Apr 15, 2026

Public PoC / Exploit (4)

All weaponized →

Exploit-DBMicrosoft Windows - ASN.1 'LSASS.exe' Remote Denial of Service (MS04-007)Exploit-DBMicrosoft Windows - ASN.1 Library Bitstring Heap Overflow (MS04-007) (Metasploit)Exploit-DBMicrosoft Windows - ASN.1 Remote (MS04-007)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.

Affected Products (38)

microsoft · windows_2000vulnerable

microsoft · windows_2003_servervulnerable

References (20)

http://marc.info/?l=bugtraq&m=107643836125615&w=2

http://marc.info/?l=bugtraq&m=107643892224825&w=2

http://marc.info/?l=ntbugtraq&m=107650972617367&w=2

http://marc.info/?l=ntbugtraq&m=107650972723080&w=2

http://www.kb.cert.org/vuls/id/216324

Third Party AdvisoryUS Government Resource

http://www.kb.cert.org/vuls/id/583108

US Government Resource

http://www.us-cert.gov/cas/techalerts/TA04-041A.html

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-007

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A653

KEV Catalog EPSS Scores Vendors All CVEs