The Windows Local Security Authority Service Server (LSASS) contains a vulnerability that may permit an attacker to completely compromise the system.
A buffer overflow vulnerability exists in a Microsoft Active Directory service logging function that is exposed by the LSASS DCE/RPC interface. The vulnerability occurs due to the misuse of a vsprintf() call. For a full technical description, please see eEye Digital Security's Advisiory. This vulnerability affects the following systems:
A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code on the vulnerable system.
Apply a patch from the vendor
The Microsoft Security Bulletin credits eEye Digital Security for reporting this vulnerability.
This document was written by Jason A Rafail.
|Date First Published:||2004-04-14|
|Date Last Updated:||2004-04-14 01:31 UTC|