A vulnerability exists in the Private Communications Transport (PCT) protocol, which is part of the Microsoft Secure Sockets Layer (SSL) library. Exploitation of this vulnerability may permit a remote attacker to compromise the system. An exploit for this issue is currently being used to compromise vulnerable systems running SSL-enabled IIS 5.0. Note that the vulnerability exists in any SSL-enabled program running on a vulnerable Windows system. Windows 2003 Server is not affected if PCT is disabled.
The Private Communications Transport (PCT) protocol is part of the Microsoft Secure Sockets Layer (SSL) library. A buffer overflow vulnerability exists in PCT that could allow a remote attacker to execute arbitrary code on the system. Only systems with SSL enabled would be vulnerable to exploitation. Microsoft has listed the following mitigating factors:
The following systems may be affected by this vulnerability:
A remote attacker may be able to execute arbitrary code on the system.
Apply a patch from the vendor
Thanks to Microsoft for reporting this vulnerability.
This document was written by Jason A Rafail.
|Date First Published:|2004-04-14|
|Date Last Updated:|2004-04-22 18:11 UTC|