Vulnerability Note VU#638548
Microsoft Windows SSP interface fails to properly validate value used during authentication protocol selection
A remotely exploitable vulnerability in Microsoft's Negotiate Security Software Provider (SSP) interface could permit an attacker to execute arbitrary code on the system.
Microsoft's Negotiate Security Software Provider (SSP) interface contains a buffer overflow during the processing of data sent for authentication protocol selection. A unathenticated remote attacker could send a malicious request to the SSP service to exploit this vulnerability. The following systems are affected:
An unauthenticated remote attacker could cause a denial-of-service situation, or potentially execute arbitrary code on the system with "SYSTEM" privileges.
Apply a patch from the vendor
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||14 Apr 2004|
CVSS Metrics (Learn More)
Thanks to Microsoft for reporting this vulnerability.
This document was written by Jason A Rafail.
- CVE IDs: CAN-2004-0119
- Date Public: 13 Apr 2004
- Date First Published: 14 Apr 2004
- Date Last Updated: 14 Apr 2004
- Severity Metric: 30.12
- Document Revision: 3
If you have feedback, comments, or additional information about this vulnerability, please send us email.