• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Windows Logon Process Remote Buffer Overflow Vulnerability

Microsoft Windows logon process 'winlogon' is prone to a remote buffer-overflow vulnerability. The issue occurs when the vulnerable host is a member of an Active Directory domain. When processing logon information, the logon process reads data from the Active Directory. This read call fails to sufficiently perform boundary checks on received data before copying it into a reserved buffer in process memory.

Supplied data that exceeds the size of the allocated buffer in the logon process's memory will overrun its bounds and will corrupt memory that is adjacent to the affected buffer.