ASN.1 Multiple Integer Overflows (SMTP check)

Critical Nessus Plugin ID 12065


The remote host has multiple integer overflow vulnerabilities.


The remote Windows host has an ASN.1 library with multiple integer overflow vulnerabilities. These issues could lead to a heap-based buffer overflow. A remote attacker could exploit these issues to execute arbitrary code.

This particular check sent a malformed SMTP authorization packet and determined that the remote host is not patched.


Microsoft has released a set of patches for Windows NT, 2000, XP, and 2003.

See Also

Plugin Details

Severity: Critical

ID: 12065

File Name: mail_asn1_decoding.nasl

Version: $Revision: 1.37 $

Type: remote

Published: 2004/02/18

Modified: 2017/08/30

Dependencies: 11421, 10263

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2004/02/10

Vulnerability Publication Date: 2004/02/10

Exploitable With


Core Impact

Metasploit (MS04-007 Microsoft ASN.1 Library Bitstring Heap Overflow)

Reference Information

CVE: CVE-2003-0818

BID: 9633, 9635, 9743, 13300

OSVDB: 3902

MSFT: MS04-007

MSKB: 828028