Unchecked buffer in the Multiple UNC Provider New
A security vulnerability exists in the Multiple UNC Provider service which could be exploited to allow an attacker to run the code of their code on the system.
The Multiple UNC Provider (MUP) is a Windows service that assists in locating network resources that are identified via UNC (uniform naming convention). The MUP receives commands containing UNC names from applications and sends the name to each registered UNC provider, LAN Manager workstation, and any others that are installed. When a provider identifies a UNC name as its own, the MUP automatically redirects future instances of that name to that provider.
When MUP receives a file request, it allocates a buffer in which to store it. There is proper input checking in this first buffer. However, MUP stores another copy of the file request in a buffer when it sends this request to a redirector. This second copy of the buffer does not check inputs correctly, thereby creating the possibility that a resource request to it from an unprivileged process could cause a buffer overrun. The overrun could be exploited for either of two purposes: causing a system failure, or running code on the system with Local System privileges.
- Microsoft Windows NT 4.0, 2000 and XP
Software patches are available from the following locations:
- Windows NT 4.0
- Windows NT 4.0 Terminal Server Edition
- Windows 2000
- Windows XP
- Windows XP 64-bit Edition
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: April 4, 2002
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
|More Guides »||Registry Guide||Support Forums||Software Guide||Scripting Guide||Search|