Windows 2000 Malformed Event Record Vulnerability Patch

Name: Windows 2000 Malformed Event Record Vulnerability Patch
Rating: 4 (1 reviews)
Author: Microsoft

Download now

Used Windows 2000 Malformed Event Record Vulnerability Patch for Windows? Share your experience and help other users.

Developer’s Description

By Microsoft

Fix a vulnerability in Windows 2000 that could allow a malicious user to run code on an affected machine.

The Windows 2000 Event Viewer snap-in has an unchecked buffer in a section of the code that displays the detailed view of event records. If the event viewer attempted to display an event record that contained specially malformed data in one of the fields, either of two outcomes would result. In the less serious case, the event viewer would fail. In the more serious case, code of the attacker's choice could be made to run via a buffer overrun.

By design, unprivileged processes can log events in the System and Application logs, and interactively logged-on, unprivileged users can view them. However, only privileged processes can log events in the Security log, and only interactively logged-on administrators can view them. If the vulnerability were exploited to run code of the attacker's choice, the code would run in the security context of the user who viewed the affected record.