Reported December 14, 2004, by Microsoft

VERSIONS AFFECTED

·         Microsoft Windows NT Server 4.0 Service Pack 6a

·         Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6

·         Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4

·         Microsoft Windows XP Service Pack 1

·         Microsoft Windows Server 2003

·         Microsoft Windows XP 64-Bit Edition Service Pack 1

DESCRIPTION
A vulnerability exists in Microsoft HyperTerminal that could result in the execution of arbitrary code on the vulnerable system. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges.

VENDOR RESPONSE
Microsoft has released Security Bulletin MS04-043, "Vulnerability in HyperTerminal Could Allow Code Execution (873339)," to address this vulnerability and recommends that affected users immediately apply the appropriate patch listed in the bulletin.

CREDIT
Discovered by Brett Moore of Security-Assessment.com.