MS02-017: Unchecked buffer in the Multiple UNC Provider

Article ID: 311967 - View products that this article applies to.
This article was previously published under Q311967
Expand all | Collapse all

On This Page

Symptoms

A buffer overflow
(http://www.microsoft.com/security/portal/glossary.aspx)
that results in a privilege elevation
(http://www.microsoft.com/security/portal/glossary.aspx)
 vulnerability exists in Windows XP. If an attacker successfully exploits this vulnerability, the attacker gains complete control over the computer. This permits the attacker to take any action on the computer. These actions might include adding, deleting, or modifying data; creating or deleting user accounts; or adding accounts to the local Administrators group.

Mitigating factors:
  • The Multiple UNC Provider (MUP) request can be levied only by a process on the local computer. Therefore, this vulnerability can be exploited only by a user who can log on to an affected computer interactively
    (http://www.microsoft.com/security/portal/glossary.aspx)
     and run code.
  • Best practices suggest that unprivileged users not be permitted to interactively log on to business-critical servers. If this recommendation has been followed, computers such as domain controllers, Enterprise Resource Planning (ERP) servers, print and file servers, database servers, and others are not be at risk from this vulnerability.
Back to the top | Give Feedback

Cause

This vulnerability occurs because the MUP service contains an unchecked buffer. By sending a specially malformed request, an attacker might be able to conduct a buffer-overrun attack against a computer.
Back to the top | Give Feedback

Resolution

Windows XP

To resolve this problem, obtain the latest service pack for Windows XP. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
322389
(http://support.microsoft.com/kb/322389/ )
How to obtain the latest Windows XP service pack

Windows XP 64-Bit Edition

To resolve this problem, obtain the latest service pack for Windows XP. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
322389
(http://support.microsoft.com/kb/322389/ )
How to obtain the latest Windows XP service pack
Back to the top | Give Feedback

Status

Windows XP and Windows XP 64-Bit Edition

Microsoft has confirmed that this problem may cause a degree of security vulnerability in Windows XP and Windows XP 64-bit Edition. This problem was first corrected in Windows XP Service Pack 1.
Back to the top | Give Feedback

Properties

Article ID: 311967 - Last Review: August 20, 2012 - Revision: 8.0
Applies to
  • Microsoft Windows NT Server 4.0, Terminal Server Edition Service Pack 6
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows NT Server 4.0 Standard Edition
  • Microsoft Windows NT Server 4.0 Enterprise Edition
  • Microsoft Windows NT Workstation 4.0 Developer Edition
Keywords: 
kbbug kbfix kboswin2000fix kbsecurity kbwin2000presp3fix kbwin2000sp3fix kbwinxpsp1fix KB311967
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top