Reported July 13, 2004, by Microsoft

VERSIONS AFFECTED

  • Windows XP
  • Windows 2000
  • Windows NT 4.0 (If Internet Explorer 6, Service Pack 1 is installed)

DESCRIPTION
A vulnerability in Windows XP, Windows 2000, and Windows NT 4.0 could allow the remote execution of arbitrary code on the vulnerable system. This vulnerability is a result of an unchecked buffer in the Task Scheduler.

VENDOR RESPONSE
Microsoft has released bulletin MS04-022, "Vulnerability in Task Scheduler Could Allow Code Execution (841873)," to address this vulnerability and recommends that affected users apply the appropriate patch listed in the bulletin.

CREDIT
Discovered by Brett Moore, Dustin Schneider, and Peter Winter-Smith.