• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Windows Telephony Service Buffer Overflow Vulnerability

Microsoft Windows Telephony Service is prone to a buffer-overflow vulnerability. This issue is due to a failure in the application to perform proper bounds checking on user-supplied data.

A successful attack can result in overflowing a finite-sized buffer, ultimately leading to arbitrary code execution in the context of the affected service. This may allow the attacker to execute arbitrary code remotely or locally to gain elevated privileges.

Remote code execution is possible only on Windows 2000 Server and Windows Server 2003; for other vulnerable platforms, the attacker must have local interactive access.