[VULNERABLE] Microsoft Windows Private Communications

Microsoft Windows Private Communications Transport Protocol Buffer
Overrun Vulnerability
http://www.securityfocus.com/bid/10116


Various Microsoft Windows operating systems are prone to a remotely
exploitable stack-based buffer overrun via the PCT (Private
Communications Transport) protocol. Successful exploitation of this
issue could allow a remote attacker to execute malicious code on a
vulnerable system, resulting in full system compromise.

The vulnerability may also reportedly be exploitable by a local user
who passes malicious parameters to the vulnerable component
interactively or through another application.

This issue is reported to only affect systems that have SSL enabled,
such as web servers, but could also affect Windows 2000 Domain
Controllers under some circumstances. For Windows Server 2003, PCT
must be manually enabled in addition to enabling SSL support to be
affected. Reportedly, both PCT 1.0 and SSL 2.0 must be enabled for
successful exploitation.

The DeepSight Threat Analysis team has observed exploit activity in
the wild associated with this vulnerability.


Mirar solucion: http://www.securityfocus.com/bid/10116/solution/


Meritorios de Filtrado (Kill-File Global):
tella llop, jm (N.B. 2003.10.25)


"El software propietario sera solo para los que lo puedan pagar."
"El software libre es para toda la Humanidad."