Arbitrary Code Execution Vulnerability in Microsoft Windows Task Scheduler

Reported July 13, 2004, by Microsoft

VERSIONS AFFECTED

  • Windows XP
  • Windows 2000
  • Windows NT 4.0 (If Internet Explorer 6, Service Pack 1 is installed)

DESCRIPTION
A vulnerability in Windows XP, Windows 2000, and Windows NT 4.0 could allow the remote execution of arbitrary code on the vulnerable system. This vulnerability is a result of an unchecked buffer in the Task Scheduler.

VENDOR RESPONSE
Microsoft has released bulletin MS04-022, "Vulnerability in Task Scheduler Could Allow Code Execution (841873)," to address this vulnerability and recommends that affected users apply the appropriate patch listed in the bulletin.

CREDIT
Discovered by Brett Moore, Dustin Schneider, and Peter Winter-Smith.

TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish