Reported October 15, 2003,
by Microsoft.
VERSIONS AFFECTED
·
Windows 2003
·
Windows XP
·
Windows 2000
·
Windows Me
·
Windows NT
Server 4.0, Terminal Server Edition, Service Pack 6a (SP6a)
·
NT Server
4.0 SP6a
·
NT
Workstation 4.0 SP6a
DESCRIPTION
A vulnerability in Microsoft Windows Messenger
Service can result in the remote execution of arbitrary code on the vulnerable
system under the Local System security context. This vulnerability is a result
of an unchecked buffer in a file associated with the Help Center Protocol (HCP).
VENDOR RESPONSE
Microsoft has released security bulletin
MS03-044,
"Buffer Overrun in Windows Help and Support Center Could Lead to System
Compromise (825119)," which addresses this vulnerability, and recommends that
affected users immediately apply the appropriate patch listed in the bulletin.
CREDIT
Discovered by David Litchfield of
Next Generation Security Software Ltd.
Buffer Overrun in Windows Help and Support Center
0 comments
Hide comments