ATLAS Attack Report: Global Microsoft Windows ASN.1 Library buffer overflow attempt

Attack Report

Global Microsoft Windows ASN.1 Library buffer overflow attempt

View:
Activity
Sources

Output:
Print
XML
CSV

Activity (past 24 hours)

By Service

Service	Attacks per subnet	Percentage
TCP/445 (microsoft-ds)	35.18	100.0%
Other	0.00	0.0%

Sources (past 24 hours)

By Country

Country	Attacks per subnet	Percentage
BE (Belgium)	9.11	25.9%
HR (Croatia)	6.90	19.6%
US (United States)	6.10	17.3%
BZ (Belize)	1.98	5.6%
KR (South Korea)	1.07	3.0%
JP (Japan)	0.93	2.6%
CA (Canada)	0.87	2.5%
DE (Germany)	0.77	2.2%
PL (Poland)	0.71	2.0%
CN (China)	0.66	1.9%
Other	6.08	17.3%

By ASN

ASN	Attacks per subnet	Percentage
AS5432 (BELGACOM-SKYNET-AS)	9.11	25.9%
AS35648 (T-MOBILE-HR-AS)	6.90	19.6%
AS10269 (Belize)	1.98	5.6%
AS19262 (VZGNI-TRANSIT)	1.57	4.5%
AS209 (ASN-QWEST)	0.72	2.1%
AS17877 (NEXG-AS-KR)	0.71	2.0%
AS9299 (IPG-AS-AP)	0.60	1.7%
AS3320 (DTAG)	0.54	1.5%
AS577 (BACOM)	0.52	1.5%
AS12322 (PROXAD)	0.48	1.4%
Other	12.04	34.2%

By Host

Host	Attacks per subnet	Percentage
87.252.152.205	6.90	19.6%
190.197.36.52 (btl-new-ip-52.btl.net)	1.98	5.6%
91.178.74.206 (206.74-178-91.adsl-dyn.isp.belgacom.be)	1.11	3.1%
211.232.4.171 (211-232-4-171.nexg.net)	0.71	2.0%
199.101.14.198 (ccc-14-198.chemeketa.edu)	0.70	2.0%
141.158.29.172 (pool-141-158-29-172.phil.east.verizon.net)	0.54	1.5%
71.176.15.131 (pool-71-176-15-131.nrflva.east.verizon.net)	0.48	1.4%
200.76.148.47 (host-200-76-148-47.block.alestra.net.mx)	0.42	1.2%
81.241.145.212 (212.145-241-81.adsl-dyn.isp.belgacom.be)	0.39	1.1%
213.179.59.30	0.39	1.1%
Other	21.56	61.3%

Background

Description

Microsoft Windows ASN.1 Library buffer overflow attempt

Vulnerabilities

CVE-2003-0818

Age: 1603 days

Severity: High

CVSS Score: 7.0

Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.