|
|
Info |
Last Modified |
| 10 months ago |
|
|
|
|
Description |
Microsoft Windows 2000 contains a flaw that may allow a local denial of service. The issue is triggered when a RUN AS dialog is opened and never closed. The operating system can service only one such dialog at a time, preventing other users from usign the RUN AS service.
|
|
Classification |
Location:
Local Access Required
Attack Type:
Denial of Service
Impact:
Loss of Availability
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
|
|
Technical |
This is a denial of service against the RunAs service only -- it would not allow the system or any other services to be disrupted. An attacker could only exploit this vulnerability on the local machine, so the sole outcome of a successful attack would be to deny use of the RunAs service to the attacker himself (or, in the case of a terminal server, to other users of that machine).
|
|
Solution |
Upgrade to Service Pack version 3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
|
|
Products |
|
Windows
 |
2000 SP2 |
2000 SP1 |
2000 |
|
|
|
|
Credit |
- Steve - steve
 securesolutions.org - Camisade LLC
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
