header-logo
Suggest Exploit
vendor:
Windows
by:
SecurityFocus
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: Windows
Affected Version From: Windows 2000
Affected Version To: Windows NT
Patch Exists: NO
Related CWE: N/A
CPE: o:microsoft:windows
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 2000, Windows NT
2002

Microsoft Windows Locator Service Buffer Overflow Vulnerability

It has been reported that the Microsoft Windows Locator service is affected by a remotely exploitable buffer overflow vulnerability. The condition is due to a memory copy of RPC arguments received from remote clients into a local buffer. This vulnerability may be exploited by remote attackers to execute custom instructions on the target server. It is also possible to crash the service with a malicious request. It should be noted that, to exploit this vulnerability, no authentication is required. Additionally, the Locator service is enabled by default on all Windows 2000 and Windows NT Domain Controllers (DC).

Mitigation:

Disable the Locator service on Windows 2000 and Windows NT Domain Controllers.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6666/info

It has been reported that the Microsoft Windows Locator service is affected by a remotely exploitable buffer overflow vulnerability. The condition is due to a memory copy of RPC arguments received from remote clients into a local buffer.

This vulnerability may be exploited by remote attackers to execute custom instructions on the target server. It is also possible to crash the service with a malicious request. It should be noted that, to exploit this vulnerability, no authentication is required. Additionally, the Locator service is enabled by default on all Windows 2000 and Windows NT Domain Controllers (DC).

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/22194.zip

Navigation

Suggest Exploit

Services By CQR