Summary
A security vulnerability exists in the H.323 filter for Microsoft Internet Security and Acceleration Server 2000 that could allow an attacker to overflow a buffer in the Microsoft Firewall Service in Microsoft Internet Security and Acceleration Server 2000.
An attacker who successfully exploited this vulnerability could try to run code of their choice in the security context of the Microsoft Firewall Service. This would give the attacker complete control over the system. The H.323 filter is enabled by default on servers running ISA Server 2000 computers that are installed in integrated or firewall mode.
Impact of vulnerability: Remote code execution
Affected Software:
Microsoft Internet Security and Acceleration Server 2000 Gold, SP1
Solution
Users using any of the affected
products should install the patch immediately.
Maximum Severity Rating: Critical
See http://www.microsoft.com/technet/security/bulletin/ms04-001.mspx
Severity
Classification
-
CVE CVE-2003-0819 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Checks for MS HOTFIX for snmp buffer overruns
- Microsoft Group Policy Remote Code Execution Vulnerability (3000483)
- Microsoft Internet Explorer Multiple Code Execution Vulnerabilities (974455)
- Active Directory Could Allow Remote Code Execution Vulnerability (957280)
- Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)