Family: Windows : Microsoft Bulletins --> Category: infos
ASN.1 parsing vulnerability (828028) Vulnerability Scan
Vulnerability Scan Summary
Checks the version of MDAC
Detailed Explanation for this Vulnerability Test
Arbitrary code can be executed on the remote host.
The remote Windows host has a ASN.1 library which is vulnerable to a
flaw which could allow a possible hacker to execute arbitrary code on this host.
To exploit this flaw, a possible hacker would need to send a specially crafted
ASN.1 encoded packet (either an IPsec session negotiation, or an HTTPS request)
with improperly advertised lengths.
A public code is available to exploit this flaw.
Microsoft has released a set of patches for Windows NT, 2000, XP and 2003 :
Critical / CVSS Base Score : 10
Click HERE for more information and discussions on this network vulnerability scan.