Security Home > Windows NT, 2000 & XP

Unchecked buffer in the Multiple UNC Provider New

A security vulnerability exists in the Multiple UNC Provider service which could be exploited to allow an attacker to run the code of their code on the system.


The Multiple UNC Provider (MUP) is a Windows service that assists in locating network resources that are identified via UNC (uniform naming convention). The MUP receives commands containing UNC names from applications and sends the name to each registered UNC provider, LAN Manager workstation, and any others that are installed. When a provider identifies a UNC name as its own, the MUP automatically redirects future instances of that name to that provider.

When MUP receives a file request, it allocates a buffer in which to store it. There is proper input checking in this first buffer. However, MUP stores another copy of the file request in a buffer when it sends this request to a redirector. This second copy of the buffer does not check inputs correctly, thereby creating the possibility that a resource request to it from an unprivileged process could cause a buffer overrun. The overrun could be exploited for either of two purposes: causing a system failure, or running code on the system with Local System privileges.

Affected Products

  • Microsoft Windows NT 4.0, 2000 and XP


Software patches are available from the following locations:

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: April 4, 2002

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<