Reported July 23, 2003, by
Microsoft.
VERSIONS
AFFECTED
Windows NT 4.0
Windows NT 4.0 Terminal
Server Edition (WTS)
DESCRIPTION
A new vulnerability in
Windows NT 4.0 can result in a Denial of Service (DoS) condition. If a malicious
user passes a specially crafted request through an application to the affected
function, the function can cause the system to free memory that the function
doesn't own. If an application making the request to the function doesn't carry
out any user-input validation and permits the specially crafted request to be
passed to the function, the application passing the request could fail.
VENDOR
RESPONSE
Microsoft has released Security Bulletin
MS03-029, "Flaw in Windows Function
Could Allow Denial of Service (823803)" to address this vulnerability and
recommends that affected users immediately apply the patch mentioned in the
bulletin.
CREDIT
Discovered by Matt Miller
and Jeremy Rauch of
@stake.
Denial of Service in Windows NT 4.0
0 comments
Hide comments