NETANN-L Archives

- NETANN-L - Networkmaine Network Announcement List

NETANN-L@LISTS.MAINE.EDU

From: Garry Peirce <[log in to unmask]>
Date: Tue, 10 Feb 2004 16:48:43 -0500
regards another overflow.

patch located at:
http://www.microsoft.com/technet/security/bulletin/MS04-007.asp


Microsoft ASN.1 Library Bit String Heap Corruption

Release Date:
February 10, 2004

Date Reported:
September 25, 2003

Severity:
High (Remote Code Execution)

Systems Affected:
Microsoft Windows NT 4.0
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003

Description:
eEye Digital Security has discovered a second critical vulnerability in
Microsoft's ASN.1 library (MSASN1.DLL) that allows an attacker to
overwrite heap memory with data he or she controls and cause the
execution of arbitrary code.  ASN.1 is an industry standard used in a
variety of binary protocols, and as a result, this flaw in Microsoft's
implementation can be reached through a number of Windows applications
and services.  Ironically, the security-related functionality in Windows
is especially adept at rendering a machine vulnerable to this attack,
including Kerberos (UDP/88) and NTLMv2 authentication (TCP/135, 139,
445).

Technical Description:
Thanks to another pair of integer overflows, software that uses MSASN1
directly or indirectly is again vulnerable to a complete overwrite of a
large portion of its heap memory.  This time, the attack is specific to
bit string values (tags 03h and 23h), but the outcome is the same as
with the heap corruption involving large data lengths.
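
Added example, not part of the original message, the eEye advisory, or MSASN1: a defensive sketch in C of how a BER decoder can size a bit string (tags 03h and 23h) without integer overflow before it allocates. It illustrates the general bug class rather than reconstructing the flawed code; the function names and the MAX_DEPTH and MAX_TOTAL limits are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#define MAX_DEPTH 8            /* assumed limit on constructed nesting */
#define MAX_TOTAL (1u << 20)   /* assumed cap on reassembled bytes */

/* Read a definite-form BER length at p[*off]; reject if it exceeds the input. */
static int ber_len(const uint8_t *p, size_t n, size_t *off, size_t *len)
{
    size_t v = 0;
    if (*off >= n) return -1;
    uint8_t b = p[(*off)++];
    if (b < 0x80) {
        v = b;
    } else {
        size_t k = b & 0x7f;   /* number of length octets that follow */
        if (k == 0 || k > sizeof v || k > n - *off) return -1;
        while (k--) v = (v << 8) | p[(*off)++];
    }
    if (v > n - *off) return -1;   /* subtract, never compute off + v */
    *len = v;
    return 0;
}

/* Validate one bit string TLV at p[0]; add its data bytes to *total. */
static int walk(const uint8_t *p, size_t n, size_t *total, size_t *used, int depth)
{
    size_t off = 1, len;
    if (n < 2 || depth > MAX_DEPTH) return -1;
    if (p[0] != 0x03 && p[0] != 0x23) return -1;
    if (ber_len(p, n, &off, &len) != 0) return -1;
    if (p[0] == 0x03) {        /* primitive: unused-bits octet, then data */
        if (len < 1 || p[off] > 7 || (len == 1 && p[off] != 0)) return -1;
        if (len - 1 > MAX_TOTAL - *total) return -1;   /* checked addition */
        *total += len - 1;
    } else {                   /* constructed: a run of nested segments */
        for (size_t pos = off, sub = 0; pos < off + len; pos += sub)
            if (walk(p + pos, off + len - pos, total, &sub, depth + 1) != 0) return -1;
    }
    *used = off + len;         /* safe: ber_len proved len <= n - off */
    return 0;
}

/* Returns the number of data bytes to allocate, or -1 if malformed. */
long bitstring_bytes(const uint8_t *p, size_t n)
{
    size_t total = 0, used = 0;
    if (walk(p, n, &total, &used, 0) != 0 || used != n) return -1;
    return (long)total;
}
```

Every length is compared against the bytes that remain by subtraction, and the running total is checked against the cap before each addition, so a declared length can never wrap the size used for allocation.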
