GEN:SID 1:3004
Message NETBIOS SMB-DS Session Setup NTMLSSP andx asn1 overflow attempt
Summary This event is generated when an attempt is made to exploit a known
vulnerability in the Microsoft implementation of the ASN.1 Library.
Impact Serious. Execution of arbitrary code, DoS.
Detailed Information A buffer overflow condition in the Microsoft implementation of the ASN.1
Library. It may be possible for an attacker to exploit this condition by
sending specially crafted authentication packets to a host running a
vulnerable operating system.

When the taget system decodes the ASN.1 data, exploit code may be included
in the data that may be excuted on the host with system level privileges.
Alternatively, the malformed data may cause the service to become
unresponsive thus causing the DoS condition to occur.
Affected Systems Microsoft Windows NT
    Microsoft Windows NT Terminal Server Edition
    Microsoft Windows 2000
    Microsoft Windows XP
    Microsoft Windows 2003
Attack Scenarios  
Ease of Attack Simple. Exploit code exists.
Corrective Action Apply the appropriate vendor supplied patches.
Additional References  
Rule References bugtraq: 9633
bugtraq: 9635
cve: 2003-0818
nessus: 12052
nessus: 12065
url: www.microsoft.com/technet/security/bulletin/MS04-007.mspx