- Quick specs
- Price: Free
- Operating system: Windows 2000
- Date added: June 27, 2002
- Total Downloads: 3,638
- Downloads last week: 1
- See full specifications
- Average user rating: stars out of 1 votes
See all user reviews
Publisher's description
From Microsoft :The Remote Access Service (RAS) provides dial-up connections between computers and networks over phone lines. RAS is delivered as a native system service in Windows NT 4.0, Windows 2000 and Windows XP, and also is included in a separately downloadable Routing and Remote Access Server (RRAS) for Windows NT 4.0. All of these implementations include a RAS phonebook, which is used to store information about telephone numbers, security, and network settings used to dial-up remote systems.
A flaw exists in the RAS phonebook implementation: a phonebook value is not properly checked, and is susceptible to a buffer overrun. The overrun could be exploited for either of two purposes: causing a system failure, or running code on the system with LocalSystem privileges. If an attacker were able to log onto an affected server and modify a phonebook entry using specially malformed data, then made a connection using the modified phonebook entry, the specially malformed data could be run as code by the system.
More popular Encryption Software downloads
- 52,290 downloads 1. RoboForm
- 28,542 downloads 2. Hotspot Shield
- 20,506 downloads 3. Computer Use Reporter
- 6,791 downloads 4. Folder Lock
- 3,667 downloads 5. RAR Password Cracker
- See all Encryption Software downloads
User reviews
Write your own review Be the first one to review Windows 2000 Remote Access Service Phonebook Vulnerability Patch MS02-029 and share your experience with the CNET community!
Previous versions: See all user reviews
Submit your review
- See more CNET content tagged:
- Microsoft Windows 2000,
- Microsoft Windows NT 4.0,
- phonebook,
- remote access,
- server
