Microsoft Windows 2000 ShellExecute() Buffer Overflow Vulnerability

The Windows 2000 ShellExecute() API is prone to a buffer overflow. When an unusually long string is passed to the third parameter, a buffer is overrun. This may result in a denial of service or potential code execution.

This issue was reportedly fixed in Windows 2000 Service Pack 4, however, the vendor has not confirmed this.


Privacy Statement
Copyright 2010, SecurityFocus