Reported February 7, 2002, by Microsoft.

VERSIONS AFFECTED

 

  • Windows 2000

  • Interix 2.2

 

DESCRIPTION
A buffer overrun vulnerability exists in Microsoft Telnet that lets an attacker execute arbitrary code on the vulnerable system. This vulnerability stems from an unchecked buffer in the code that processes the Telnet protocol options.

 

VENDOR RESPONSE

The vendor, Microsoft, has released security bulletin MS02-004 to address this vulnerability and recommends that affected users apply the appropriate patch provided at Microsoft's Download Center. Users can also find the Win2K fix for this vulnerability in Windows 2000 Security Roll-up Package 1.

 

CREDIT
Discovered by Microsoft.