Arbitrary Remote Execution of Code in Microsoft Windows

Advanced Search

February 11, 2004 Arbitrary Remote Execution of Code in Microsoft Windows A Web Exclusive from Windows IT Pro Ken Pfeil Discoveries InstantDoc #41750 Windows IT Pro	Email this Article Printer Friendly Reader Comments Digg This Del.icio.us RSS
Subscribe to Windows IT Pro \| See More Windows NT 4.0 Articles Here \| Reprints \| Or get the Monthly Online Pass—only $5.95 a month!

Reported February 10, 2004, by Microsoft.

VERSIONS AFFECTED

· Windows Server 2003

· Windows XP

· Windows 2000 Server

· Windows NT Server 4.0 Terminal Server Edition (WTS)

· Windows NT Server 4.0

DESCRIPTION

A vulnerability in Windows can result in the remote execution of arbitrary code on the vulnerable system with System privileges. The vulnerability, which is a result of an unchecked buffer in the Microsoft ASN.1 Library, could lead to a buffer overflow. An attacker could then take any action on the system, including installing programs, viewing data, changing data, deleting data, and creating new accounts with full privileges.

VENDOR RESPONSE

Microsoft has released security bulletin MS04-007, "ASN.1 Vulnerability Could Allow Code Execution (828028)," to address this vulnerability and recommends that affected users immediately apply the appropriate patch listed in the bulletin.

CREDIT

Discovered by eEye Digital Security.

End of Article

Reader Comments

It´s good article.

Jorge Atoji February 12, 2004

You must be a registered user or online subscriber to comment on this article. Please log on before posting a comment. Are you a new visitor? Register now

Top Viewed ArticlesView all articles

Confirmed: Battery Life Issues Not Windows 7's Fault

Microsoft on Monday issued a lengthy statement about the recent Windows 7 battery controversy, echoing my assessment from earlier in the day, but backing it up with hard, cold evidence. ...

Battery Life Issues Almost Certainly Not Windows 7's Fault

While Microsoft is still investigating a notebook battery life issue that was supposedly caused by Windows 7, some interesting trends have emerged. ...

Microsoft Warns of Windows Version Expirations

Microsoft warned that this year will see three out-of-date Windows versions slip into retirement. ...

Security Whitepapers Reducing the Costs and Risks of Branch Office Data Protection

Solving Desktop Management Challenges in Healthcare

Solving Desktop Management Challenges in Education

Related Events The Increasing Threat of Financially Motivated Data Theft

Introduction to Identity Lifecycle Manager "2"

Don't Miss Windows Server 2008 Virtual Event

Check out our list of Free Email Newsletters!

Security eBooks Spam Fighting and Email Security for the 21st Century

Understanding and Leveraging Code Signing Technologies

A Guide to Windows Certification and Public Keys

Related Security Resources Introducing Left-Brain.com, the online IT bookstore
Looking for books, CDs, toolkits, eBooks? Prime your mind at Left-Brain.com

Discover Windows IT Pro eLearning Series!
Clear & detailed technical information and helpful how-to's, all in our trademark no-nonsense format

ADS BY GOOGLE

Job Openings in IT		SPONSORED LINKS		FEATURED LINKS
		Collaborate with Confidence Accelerate deployment and simplify Microsoft SharePoint management with EMC solutions and services. Calculate your savings now See how SAN is 57% cheaper than DAS over three years Announcing Symantec Backup Exec 2010 With integrated deduplication and unified archiving technology.		Feb 25 - Are your IT Systems distributed? Or Convoluted? Find out why integrated management solutions are more important than ever in today's IT environments and what criteria to consider when evaluating those solutions. Virtualization Faceoff – Join the Discussion Blogs, free poster, videos, community commentary – IT experts and peers face off on VMware & Microsoft virtualization solutions. Should Your Email Live in the Cloud? This Forrester report shows how-to calculate your on-premise email costs and compare with cloud-based alternatives and offers best practices for reducing email costs. Exchange Server 2010: Deploying Unified Communications register for this free virtual event and build your Unified Communications future on a strong Exchange Server 2010 foundation New from Left-Brain.com - Manage VMware with PowerShell Learn how to perform everything from simple ad-hoc reporting at the command-line to complex scripts that automate a massive deployment of hundreds of virtual machines. Solve your old problems using less code than you thought possible!

Windows IT Pro Home

FAQ for Windows

WinInfo News
Europe Edition

About Us

Contact Us/Customer Service

Media Kit

Affiliates / Licensing

SQL Server Magazine

Office & SharePoint Pro

DevProConnections

IT Job Hound
Left-Brain.com

Technology Resource Directory

asp.netPRO

ITTV

Windows SuperSite

Windows IT Pro is a Division of Penton Media Inc.
© 2010 Penton Media, Inc. Terms of Use | Privacy Statement