Reported November 8, 2000 by CORE SDI

VERSIONS AFFECTED
  • Windows NT 4.0 Terminal Server  

DESCRIPTION

A remotely exploitable buffer overflow has been identified in Windows NT 4.0 Terminal Server running SP6a and below. The overflow is in RegAPI.DLL, which MSGINA.DLL calls when a user attempts to log in.

By entering a long username in the username edit box, a malicious user could cause the Terminal Server to crash.  When performed locally, this overflow could result in the execution of arbitrary commands.

VENDOR RESPONSE

Microsoft has released a security bulletin, MS00-0087, and a patch, which is available from:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25565

CREDIT
Discovered by CORE SDI