• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Windows Routing and Remote Access Remote Code Execution Vulnerability

Microsoft Windows Routing and Remote Access is prone to a memory-corruption vulnerability. This issue is due to the software's failure to properly bounds-check user-supplied network data before copying it to an insufficiently sized memory buffer.

This issue allows remote attackers to execute arbitrary machine code on affected computers with SYSTEM-level privileges. This facilitates the complete compromise of affected computers.

Exploiting this issue on Microsoft Windows XP SP2 or Windows Server 2003 requires valid login credentials. Anonymous attacks are possible with Windows 2000 and Windows XP versions prior to SP2.