Vulnerability Note VU#570330
MS Windows NT Terminal Server 4.0 buffer overflow in regapi.dll allows remote code execution or DoS
Microsoft Windows NT 4.0 Terminal Server contains a buffer overflow that could allow an intruder to execute arbitrary code with the privileges of an administrator.
There is a buffer overflow in the code that processes the username (specifically in RegAPI.DLL) in Microsoft Windows NT 4.0 Terminal Server. This allows an intruder to submit a specially crafted username in such a way as to cause Terminal Server to execute code of the intruder's choosing. The intruder does not need to have a valid username or password; anyone with access to port 3389/TCP can exploit this vulnerability.
Intruders can execute arbitrary code with the privileges of a logged-in administrator. Additionally, an intruder who can log in locally can cause Terminal Server to crash.
Apply a patch as described in http://www.microsoft.com/ntserver/terminalserver/downloads/critical/q277910/default.asp.
You may also wish to block access to port 3389/TCP to reduce your exposure to this vulnerability. This does not eliminate the vulnerability, but it does reduce the number of people who can exploit it.
Systems Affected
|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|Microsoft|Affected|-|15 Aug 2001|
This vulnerability was discovered by Bruno Acselrad of CORE SDI S.A., Buenos Aires, Argentina.
This document was written by Shawn V. Hernan.
- CVE IDs: CAN-2000-1149
- Date Public: 08 Nov 2000
- Date First Published: 15 Aug 2001
- Date Last Updated: 15 Aug 2001
- Severity Metric: 16.87
- Document Revision: 5