Microsoft Windows 2000 / NT / XP MUP UNC Request Buffer Overflow Vulnerability

The Microsoft Multiple UNC Provider (MUP) driver is used to service Uniform Naming Convention (UNC) requests under some versions of the Windows operating system. An issue has been reported in the handling of UNC requests for files.

Oversized UNP file requests may result in the MUP corrupting data structures related to memory management. When this data is used to allocate or free memory, exploitation may result in arbitrary code being executed with SYSTEM privileges.

Reports state that exploitation is highly dependant on system conditions which are not under the control of a local user. Exploitation may not be reliable, and may require multiple attempts. Failed exploitation may result in a system crash, and require a reboot.


Privacy Statement
Copyright 2010, SecurityFocus