Reported December 14, 2004, by Microsoft
VERSIONS AFFECTED
· Microsoft Windows NT Server 4.0 Service Pack 6a · Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 · Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4 · Microsoft Windows XP Service Pack 1 · Microsoft Windows Server 2003 · Microsoft Windows XP 64-Bit Edition Service Pack 1 |
DESCRIPTION
A vulnerability exists in Microsoft HyperTerminal that could result in the
execution of arbitrary code on the vulnerable system. If a user is logged on
with administrative privileges, an attacker who successfully exploited this
vulnerability could take complete control of the system, including installing programs;
viewing, changing, or deleting data; or creating new accounts with full
privileges.
VENDOR RESPONSE
Microsoft has released Security
Bulletin MS04-043, "Vulnerability in HyperTerminal Could Allow
Code Execution (873339)," to address this vulnerability
and recommends that affected users immediately apply the appropriate patch
listed in the bulletin.
CREDIT
Discovered by Brett Moore of Security-Assessment.com.