Windows 2000 Remote Access Service Phonebook Vulnerability Patch

Download Download Now
Free download (1.04 MB)

Publisher’s description

From: Microsoft

The Remote Access Service (RAS) provides dial-up connections between computers and networks over phone lines. RAS is delivered as a native system service in Windows NT 4.0, Windows 2000 and Windows XP, and also is included in a separately downloadable Routing and Remote Access Server (RRAS) for Windows NT 4.0. All of these implementations include a RAS phonebook, which is used to store information about telephone numbers, security, and network settings used to dial-up remote systems.

A flaw exists in the RAS phonebook implementation: a phonebook value is not properly checked, and is susceptible to a buffer overrun. The overrun could be exploited for either of two purposes: causing a system failure, or running code on the system with LocalSystem privileges. If an attacker were able to log onto an affected server and modify a phonebook entry using specially malformed data, then made a connection using the modified phonebook entry, the specially malformed data could be run as code by the system.

CNET Networks is not responsible for the content of this Publisher's Description. We encourage you to determine whether this product or your intended use is legal. We do not encourage or condone the use of any software in violation of applicable laws. Any questions, complaints or claims related to any specific download should be directed to the relevant vendor.

User comments

All fields marked with * are required

What do you think

Won't be displayed.

You must read and type the 6 chars within 0..9 and A..F