Reported November 1, 2000 by Microsoft

  • Network Monitor Software
  • Windows NT 4.0 Server
  • Windows NT 4.0 Workstation
  • Windows NT 4.0 Terminal Server
  • Windows 2000 Server
  • Windows 2000 Advanced Server
  • Windows 2000 Datacenter Server
  • Systems Management Server 1.2
  • Systems Management Server 2.0


Microsoft has released a security bulletin and patch to address a security vulnerability that could allow a malicious user to gain control of an affected server.

Network Monitor, shipped with SMS Server 1.2 and 2.0 and Windows 2000 Server versions, contains a protocol parser that aids in interpreting and analyzing previously captured network data. If a malicious user were to send a specially crafted frame to a server that was monitoring network traffic, it would cause an overflow that would crash Network Monitor and allow the malicious user to launch arbitrary commands.


Microsoft has released a security bulletin, MS00-0083. Multiple patches are also available:

Microsoft Windows NT 4.0 Server and Windows NT 4.0 Server, Enterprise Edition:

Microsoft Windows NT 4.0 Server, Terminal Server Edition:

To be released shortly.

Microsoft Windows 2000 Server, Advanced Server and Datacenter Server:

Microsoft Systems Management Server 1.2:

Microsoft Systems Management Server 2.0:

Discovered by NAI Labs and ISS X-Force