MS04-007 Microsoft ASN.1 Library Bitstring Heap Overflow

Disclosed
Feb 10, 2004
Created
May 30, 2018

Description

This is an exploit for a previously undisclosed
vulnerability in the bit string decoding code in the
Microsoft ASN.1 library. This vulnerability is not related
to the bit string vulnerability described in eEye advisory
AD20040210-2. Both vulnerabilities were fixed in the
MS04-007 patch. Windows 2000 SP4 Rollup 1 also patches this
vulnerability.

You are only allowed one attempt with this vulnerability. If
the payload fails to execute, the LSASS system service will
crash and the target system will automatically reboot itself
in 60 seconds. If the payload succeeds, the system will no
longer be able to process authentication requests, denying
all attempts to login through SMB or at the console. A
reboot is required to restore proper functioning of an
exploited system.

This exploit has been successfully tested with the win32/*/reverse_tcp
payloads; however, a few problems were encountered when using the
equivalent bind payloads. Your mileage may vary.
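As an added illustration (not Metasploit, Microsoft, or the module author's code), the decoder below shows the length and unused-bits checks a DER BIT STRING parser must make before it copies content into a heap buffer, the class of decoding code this module targets. The page does not detail the MS04-007 defect itself, so nothing here reproduces it; the tag value, struct and sample bytes are constructed for the example.

```c
/* Added example, not Metasploit or Microsoft code: a bounds-checked DER
 * BIT STRING decoder. The exact MS04-007 defect is not described on this
 * page; these are the checks any decoder needs before copying to the heap. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    uint8_t *bits;    /* heap copy of the content bytes, without the unused-bits byte */
    size_t   nbytes;
    unsigned unused;  /* trailing bits of the last byte that carry no data, 0..7 */
} bitstring_t;

/* Decode one DER BIT STRING TLV from buf[0..len). Returns 0 on success,
 * -1 for any truncated, indefinite-length or otherwise malformed input. */
int decode_bitstring(const uint8_t *buf, size_t len, bitstring_t *out)
{
    size_t pos, clen = 0;
    if (len < 2 || buf[0] != 0x03) return -1;   /* 0x03 = universal BIT STRING tag */
    pos = 1;
    if (buf[pos] < 0x80) {                       /* short-form length */
        clen = buf[pos++];
    } else {                                     /* long form: 1..4 length bytes */
        unsigned n = buf[pos++] & 0x7f;
        if (n == 0 || n > 4 || len - pos < n) return -1;
        for (unsigned i = 0; i < n; i++) clen = (clen << 8) | buf[pos++];
    }
    /* declared content length must lie inside the bytes actually received */
    if (clen < 1 || clen > len - pos) return -1;
    unsigned unused = buf[pos];
    if (unused > 7) return -1;                   /* DER allows 0..7 only */
    if (clen == 1 && unused != 0) return -1;     /* empty string must say 0 */
    out->nbytes = clen - 1;
    out->unused = unused;
    out->bits = malloc(out->nbytes ? out->nbytes : 1);
    if (!out->bits) return -1;
    memcpy(out->bits, buf + pos + 1, out->nbytes); /* bounded by the checks above */
    return 0;
}

/* Convenience: number of significant bits in the string, or -1 if malformed. */
long bitstring_bitcount(const uint8_t *buf, size_t len)
{
    bitstring_t bs;
    if (decode_bitstring(buf, len, &bs) != 0) return -1;
    long bits = (long)bs.nbytes * 8 - (long)bs.unused;
    free(bs.bits);
    return bits;
}
```

Feeding it a declared length larger than the received buffer, or an unused-bits byte above 7, is rejected before any heap write happens.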

Author

Solar Eclipse

Platform

Windows

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/windows/smb/ms04_007_killbill
msf exploit(ms04_007_killbill) > show targets
...targets...
msf exploit(ms04_007_killbill) > set TARGET < target-id >
msf exploit(ms04_007_killbill) > show options
...show and set options...
msf exploit(ms04_007_killbill) > exploit
