Windows Locator vulnerability
Created 1/29/03
CAN 2003-0003
Impact
A remote attacker could execute arbitrary commands.
Background
The Windows Locator service maps logical names of network
objects to the network-specific names which are used in
RPC requests. It runs by default on Windows NT and 2000
domain controllers. It is also included on other Windows
systems but is not enabled by default.
The Problem
A buffer overflow condition in the Windows Locator service
could allow a remote attacker to execute arbitrary commands
with system privileges. The Locator service does not require
any authentication; therefore, an attacker would not need
access to an account on the system in order to exploit this
vulnerability.
Resolution
Install the patch referenced in
Microsoft Security Bulletin 03-001.
It would also be advisable to block access to the NetBIOS
service (ports 137 through 139) at the network perimeter.
This precaution would block attacks originating from outside
the network.
Where can I read more about this?
This vulnerability was reported in
Microsoft Security Bulletin 03-001 and
CERT Advisory 2003-03.