Marine06
02-26-01, 04:24 PM
LINK TO DOWNLOAD THE PATCH (http://download.microsoft.com/download/win2000platform/Patch/q285156/NT5/EN-US/Q285156_W2K_SP3_x86_en.EXE)
Who should read this bulletin: Users who use the event viewer in Microsoft® Windows® 2000, especially system administrators.
Impact of vulnerability: Run code of attacker's choice
Recommendation: System administrators should install patch on all critical servers and consider installing it on all Windows 2000 systems.
Affected Software:
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Technical details
Technical description:
The Windows 2000 event viewer snap-in has an unchecked buffer in a section of the code that displays the detailed view of event records. If the event viewer attempted to display an event record that contained specially malformed data in one of the fields, either of two outcomes would result. In the less serious case, the event viewer would fail. In the more serious case, code of the attacker's choice could be made to run via a buffer overrun.
By design, unprivileged processes can log events in the System and Application logs, and interactively logged-on, unprivileged users can view them. However, only privileged processes can log events in the Security log, and only interactively logged-on administrators can view them. If the vulnerability were exploited to run code of the attacker's choice, the code would run in the security context of the user who viewed the affected record.
Who should read this bulletin: Users who use the event viewer in Microsoft® Windows® 2000, especially system administrators.
Impact of vulnerability: Run code of attacker's choice
Recommendation: System administrators should install patch on all critical servers and consider installing it on all Windows 2000 systems.
Affected Software:
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Technical details
Technical description:
The Windows 2000 event viewer snap-in has an unchecked buffer in a section of the code that displays the detailed view of event records. If the event viewer attempted to display an event record that contained specially malformed data in one of the fields, either of two outcomes would result. In the less serious case, the event viewer would fail. In the more serious case, code of the attacker's choice could be made to run via a buffer overrun.
By design, unprivileged processes can log events in the System and Application logs, and interactively logged-on, unprivileged users can view them. However, only privileged processes can log events in the Security log, and only interactively logged-on administrators can view them. If the vulnerability were exploited to run code of the attacker's choice, the code would run in the security context of the user who viewed the affected record.