[Am-info] Microsoft Windows Task Scheduler Buffer Overflow Vulnerability

Fred Miller fmiller@lightlink.com
Tue, 13 Jul 2004 17:05:22 -0400


Microsoft Windows Task Scheduler Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA12060

VERIFY ADVISORY:
http://secunia.com/advisories/12060/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Microsoft Windows 2000 Advanced Server
http://secunia.com/product/21/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/product/1177/
Microsoft Windows 2000 Professional
http://secunia.com/product/1/
Microsoft Windows 2000 Server
http://secunia.com/product/20/
Microsoft Windows NT 4.0 Server
http://secunia.com/product/18/
Microsoft Windows NT 4.0 Server, Terminal Server Edition
http://secunia.com/product/19/
Microsoft Windows NT 4.0 Workstation
http://secunia.com/product/15/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows XP Professional
http://secunia.com/product/22/

DESCRIPTION:
Microsoft has issued an update for Windows. This fixes a
vulnerability, allowing malicious websites to execute arbitrary code
on a vulnerable system.

The vulnerability is caused due to a boundary error during application
name validation in the Task Scheduler. According to Microsoft, this
could lead to system access if the current user has administrative
privileges.

This affects Microsoft Windows 2000 and Windows XP. Microsoft Windows
NT 4 is also affected if Internet Explorer 6 SP1 is installed.

SOLUTION:
Microsoft has released updates.

Microsoft Windows 2000 (SP2, SP3, and SP4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=BBF3C8A1-7D72-4CE9-A586-7C837B499C08&displaylang=en

Microsoft Windows XP (SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=8E8D0A2D-D3B9-4DE8-8B6F-FC27715BC0CF&displaylang=en

Microsoft Windows XP 64-Bit Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7B4AC0FA-7954-4993-85A1-85298F122CE0&displaylang=en

Microsoft Windows NT 4 (SP6a) with Internet Explorer 6 SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=D4F57F82-D2BA-411A-8B40-77A3D80E58AC&displaylang=en

PROVIDED AND/OR DISCOVERED BY:
Microsoft credits the following with the discovery:
* Brett Moore of Security-Assessment.com
* Dustin Schneider
* Peter Winter-Smith of Next Generation Security Software

ORIGINAL ADVISORY:
MS04-022 (KB841873):
http://www.microsoft.com/technet/security/bulletin/ms04-022.mspx

-- 
"Ballmer is no more designed for the art of persuasion 
than the Abrams tank is for delivering meals on wheels."