CVE-2004-0123
Description
Double free vulnerability in Microsoft Windows ASN.1 library allows remote code execution or denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Double free vulnerability in Microsoft Windows ASN.1 library allows remote code execution or denial of service.
Vulnerability
A double-free vulnerability exists in the Microsoft ASN.1 library (MSASN1.dll) used by Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003. The flaw is a memory management error triggered when processing specially crafted ASN.1 data, leading to a double free condition. [1][2]
Exploitation
An unauthenticated remote attacker can exploit this vulnerability by sending a maliciously crafted network request to an affected system. No special privileges or user interaction is required. The attacker can trigger the double free by causing the library to free the same memory block twice, leading to memory corruption. [1][2]
Impact
Successful exploitation could allow an attacker to execute arbitrary code with system privileges or cause a denial of service (system crash). This gives the attacker complete control over the affected system. [1][2]
Mitigation
Microsoft released security update MS04-011 on April 13, 2004 to address this vulnerability. All affected versions (Windows NT 4.0 SP6a, Windows 2000 SP2-SP4, Windows XP (including SP1), Windows Server 2003) should apply the update immediately. No workaround is available. [1]
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
11cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
- (no CPE)
cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
- (no CPE)
cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*
- (no CPE)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- www.kb.cert.org/vuls/id/255924nvdPatchThird Party AdvisoryUS Government Resource
- www.us-cert.gov/cas/techalerts/TA04-104A.htmlnvdThird Party AdvisoryUS Government Resource
- www.ciac.org/ciac/bulletins/o-114.shtmlnvd
- www.securityfocus.com/bid/10118nvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/15713nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1007nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1076nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A924nvd
News mentions
0No linked articles in our index yet.