The new vulnerability is a buffer overflow associated with Windows Messenger Service and impacts Windows NT, Windows 2000, and Windows XP desktops and servers. Exploitation could result in a denial of service or in execution of malicious code in Local System context, potentially allowing for full system compromise.

An attacker who successfully exploits this vulnerability could be able to run code with Local System privileges on an affected system, or could cause the Messenger Service to fail. The attacker could then take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges. This vulnerability identifier is CAN-2003-0717.

eEye Releases Free Messenger Service Scanning Utility
eEye Digital Security is pleased to announce the release of a new lightweight Retina Scanner to detect the Microsoft Windows® Messenger vulnerability. eEye created the free single-audit utility for this particular vulnerability due to the critical nature of the flaw. This vulnerability may allow attackers to remotely execute arbitrary code on vulnerable systems with administrator privileges.

Download the FREE Retina Messenger Service Scanner here:
<a href='http://www.eeye.com/html/Research/Tools/MSGSVC.html' target='_blank'>http://www.eeye.com/html/Research/Tools/MSGSVC.html</a>

Note: This tool does not require domain administrator privileges to scan machine for the detection of vulnerable or unpatched machines.


موضوعات مشابه: