October 15th, 2003, 20:23 PM
Buffer Overrun in Messenger Service Could Allow Code Execution (828035)
A security vulnerability exists in the Messenger Service that could allow arbitrary code execution on an affected system. The vulnerability results because the Messenger Service does not properly validate the length of a message before passing it to the allocated buffer.
An attacker who successfully exploited this vulnerability could be able to run code with Local System privileges on an affected system, or could cause the Messenger Service to fail. The attacker could then take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges.
Windows NT 4.0
Windows NT 4.0,
Terminal Server Edition
Windows Server 2003
View: Microsoft Security Bulletin MS03-043