Microsoft Vulnerability leads to DoS attack in XP, Server 2003

Windows Server 2003 and Windows XP logo Security expert Secunia has cautioned users of a vulnerability present in the Windows XP and Windows Server 2003, which could result in the denial of service (DoS) problem. The flaw can be exploited to cause a buffer overflow, which in turn would cause Windows to crash. Labeled as a “less critical” vulnerability, the flaw could be used to execute arbitrary code; however Secunia was unable to prove that in tests.

Microsoft said that it was examining the issue, but was not aware of any attack vectors that attempt to exploit the problem. In its advisory Secunia wrote, “The vulnerability has been confirmed on a fully patched system with Microsoft Windows XP SP2 and Microsoft Windows 2003 Server.”

For the attack to occur, a user would have to be lured into visiting a malicious Web site with a long URL or else open an Internet shortcut that leads to such a site.

Secunia rated the vulnerability as “less critical”, the second-lowest severity rating on its five-level scale. The flaw could be used to crash applications, but a hacker might not be able to run malicious code thanks to a prevention mechanism in Windows, the company said.

The problem affects the Home and Professional editions of Microsoft Windows XP Service Pack 2.0, and four versions of Windows Server 2003:Datacenter, Enterprise, Standard and Web edition, Secunia said.

It is uncertain if Microsoft plans to address the flaw on its next Patch Tuesday, scheduled for June 13.