CVE-2003-0818
Microsoft ASN.1 library - RCE
Title source: llmDescription
Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
Exploits (4)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16377
exploitdb
WORKING POC
VERIFIED
by Solar Eclipse · textremotewindows
https://www.exploit-db.com/exploits/3022
exploitdb
WORKING POC
VERIFIED
by Christophe Devine · cdoswindows
https://www.exploit-db.com/exploits/153
metasploit
WORKING POC
LOW
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/ms04_007_killbill.rb
References (12)
Scores
EPSS
0.8965
EPSS Percentile
99.6%
Details
Status
published
Products (8)
microsoft/windows_2000
(4 CPE variants)
microsoft/windows_2003_server
enterprise
microsoft/windows_2003_server
enterprise_64-bit
microsoft/windows_2003_server
r2 (2 CPE variants)
microsoft/windows_2003_server
standard
microsoft/windows_2003_server
web
microsoft/windows_nt
4.0 (23 CPE variants)
microsoft/windows_xp
(5 CPE variants)
Published
Mar 03, 2004
Tracked Since
Feb 18, 2026