Vulnerability Note VU#753212
Microsoft LSA Service contains buffer overflow in DsRolepInitializeLog() function
The Windows Local Security Authority Service Server (LSASS) contains a vulnerability that may permit an attacker to completely compromise the system.
A buffer overflow vulnerability exists in a Microsoft Active Directory service logging function that is exposed by the LSASS DCE/RPC interface. The vulnerability occurs due to the misuse of a vsprintf() call. For a full technical description, please see eEye Digital Security's Advisiory. This vulnerability affects the following systems:
A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code on the vulnerable system.
Apply a patch from the vendor
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||13 Apr 2004|
CVSS Metrics (Learn More)
The Microsoft Security Bulletin credits eEye Digital Security for reporting this vulnerability.
This document was written by Jason A Rafail.
- CVE IDs: CAN-2003-0533
- Date Public: 13 Apr 2004
- Date First Published: 13 Apr 2004
- Date Last Updated: 13 Apr 2004
- Severity Metric: 35.44
- Document Revision: 7
If you have feedback, comments, or additional information about this vulnerability, please send us email.