search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Microsoft Windows Task Scheduler Buffer Overflow

Vulnerability Note VU#228028

Original Release Date: 2004-07-14 | Last Revised: 2004-07-14

Overview

Microsoft Windows Task Scheduler has a buffer overflow that may allow a remote or local intruder to execute arbitrary code.

Description

Microsoft Windows Task Scheduler (Mstask.dll) is a COM-based API (ActiveX control) that provides a scheduling service for executing arbitrary commands on a system. It contains a buffer overflow that is reported to be caused by failing to properly check some attribute of the names of the commands the scheduler is tasked to execute. Exploitation of this overflow could allow an intruder to execute arbitrary code if the intruder can convince the victim to visit a malicious web page or, in some circumstances, open a malicious email message, or a file with the extension .JOB. For more information, see Microsoft Security Bulletin MS04-022.

Microsoft Windows Server 2003 is reportedly not affected by this issue.

Impact

An intruder could execute arbitrary code with the privileges of the user logged into a vulnerable system.

Solution

Apply a patch as described in Microsoft Security Bulletin MS04-022.

Vendor Information

228028
 
Affected   Unknown   Unaffected

Microsoft Corporation

Updated:  July 13, 2004

Status

  Vulnerable

Vendor Statement

Please see Microsoft Security Bulletin MS04-022.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Acknowledgements

Thanks to Microsoft for reporting this vulnerability in MS04-022

This document was written by Jeffrey S. Havrilla based on information provided by Microsoft.

Other Information

CVE IDs: CVE-2004-0212
Severity Metric: 46.58
Date Public: 2004-07-13
Date First Published: 2004-07-14
Date Last Updated: 2004-07-14 02:08 UTC
Document Revision: 4

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.