Microsoft Windows Workstation Service Remote Code Execution Vulnerability (MS06-070)
A vulnerability has been identified in Microsoft Windows, which could be exploited by remote attackers to take complete control of an affected system. This flaw is due to a buffer overflow error in the Workstation service when processing a malformed "Hostname" argument via the "NetpManageIPCConnect()" function called by "NetrJoinDomain2()", which could be exploited by attackers to cause a denial of service or execute arbitrary commands by sending a specially crafted message to a vulnerable system.

Note : Microsoft Windows 2000 systems are primarily at risk. On Windows XP Service Pack 2 the vulnerability could only be exploited by local attackers.

Affected Products

Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2

Solution

Apply patches :
http://www.microsoft.com/technet/security/Bulletin/MS06-070.mspx
더보기

댓글,