Windows CE Abstract Syntax Notation One Library Integer Overflow Vulnerability

TITLE: Windows CE Abstract Syntax Notation One Library Integer Overflow Vulnerability
CLASS: Boundary Condition Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Sep 25 2003 12:00AM
UPDATE: Jun 12 2007 11:09PM
CREDIT: The vendor reported this issue.
VULNERABLE:

Microsoft Windows CE 4.2
NOT VULNERABLE:

Go to the original page on Security Focus

Discussion

The Windows CE ASN.1 library is prone to an integer-overflow vulnerability because it fails to prevent an arithmetic operation from wrapping around an integer value. This condition causes the affected library to later allocate an insufficiently sized memory buffer, resulting in a buffer overflow.

A remote attacker can exploit this issue to execute arbitrary code in the context of applications using the affected library. Failed exploit attempts will likely result in denial-of-service conditions.

Microsoft Windows CE 4.2 is vulnerable to this issue.
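The advisory does not say which computation wraps, so the following added example illustrates the bug class in general and is not code from the Windows CE library: a BER length field is decoded, an unchecked 32-bit size calculation wraps to a tiny value, and a checked version rejects the same input. HDR_SIZE, the function names and both sample encodings are assumptions constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_SIZE 8u  /* hypothetical per-value bookkeeping header (assumption) */

/* Constructed samples: an OCTET STRING claiming 0xFFFFFFFC content bytes,
 * and a well-formed 3-byte OCTET STRING. */
static const uint8_t SAMPLE_HUGE[] = {0x04, 0x84, 0xFF, 0xFF, 0xFF, 0xFC};
static const uint8_t SAMPLE_OK[]   = {0x04, 0x03, 'a', 'b', 'c'};

/* Decode a BER definite-form length from buf[0..n). Returns the number of
 * octets consumed, or -1 if truncated, indefinite, or wider than 32 bits. */
static int ber_read_length(const uint8_t *buf, size_t n, uint32_t *len) {
    if (n == 0) return -1;
    if (buf[0] < 0x80) { *len = buf[0]; return 1; }   /* short form */
    size_t k = buf[0] & 0x7F;                         /* count of length octets */
    if (k == 0 || k > 4 || k > n - 1) return -1;
    uint32_t v = 0;
    for (size_t i = 1; i <= k; i++) v = (v << 8) | buf[i];
    *len = v;
    return (int)(1 + k);
}

/* Unchecked sizing: the 32-bit sum wraps for lengths near UINT32_MAX, so the
 * result can be far smaller than the length later used for the copy. */
static uint32_t alloc_size_unchecked(uint32_t len) { return len + HDR_SIZE; }

/* Checked sizing for a whole TLV: 0 on success with *out set, -1 on reject. */
static int alloc_size_checked(const uint8_t *tlv, size_t n, uint32_t *out) {
    uint32_t len;
    if (n < 2) return -1;
    int used = ber_read_length(tlv + 1, n - 1, &len);
    if (used < 0) return -1;
    if (len > n - 1 - (size_t)used) return -1;   /* claims more than was received */
    if (len > UINT32_MAX - HDR_SIZE) return -1;  /* len + HDR_SIZE would wrap */
    *out = len + HDR_SIZE;
    return 0;
}

int main(void) {
    uint32_t len = 0, size = 0;
    ber_read_length(SAMPLE_HUGE + 1, sizeof SAMPLE_HUGE - 1, &len);
    printf("claimed %u bytes, unchecked size %u\n", (unsigned)len, (unsigned)alloc_size_unchecked(len));
    printf("huge: %d\n", alloc_size_checked(SAMPLE_HUGE, sizeof SAMPLE_HUGE, &size));
    printf("ok:   %d\n", alloc_size_checked(SAMPLE_OK, sizeof SAMPLE_OK, &size));
    return 0;
}
```

The checked function validates the claimed length against the bytes actually received before doing any arithmetic on it, which rejects the oversized sample even on platforms where the addition itself would not wrap.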

Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at vuldb@securityfocus.com.

Solution

The vendor released an advisory and fixes to address this issue. Please see the references for more information.

References
