A remotely exploitable vulnerability in Microsoft's Negotiate Security Software Provider (SSP) interface could permit an attacker to execute arbitrary code on the system.
Microsoft's Negotiate Security Software Provider (SSP) interface contains a buffer overflow during the processing of data sent for authentication protocol selection. A unathenticated remote attacker could send a malicious request to the SSP service to exploit this vulnerability. The following systems are affected:
An unauthenticated remote attacker could cause a denial-of-service situation, or potentially execute arbitrary code on the system with "SYSTEM" privileges.
Apply a patch from the vendor
Thanks to Microsoft for reporting this vulnerability.
This document was written by Jason A Rafail.
|Date First Published:||2004-04-14|
|Date Last Updated:||2004-04-14 15:23 UTC|