A buffer overflow in Windows NT 4.0 Terminal Server running SP6a and below has been identified to be remotely exploitable. The overflow is present in the RegAPI.DLL that is called by MSGINA.DLL when a user attempts to login.
By entering a long username in the username edit box, a malicious user could cause the Terminal Server to crash. When performed locally, this overflow could result in the execution of arbitrary commands.
Microsoft has released a security bulletin, MS00-0087 and a patch that is available from;