Thomas Lim

**Name of the Vulnerable Software and Affected Versions** Windows Schannel Security Package versions prior to the fixed version **Description** The issue allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake. A remote code execution vulnerability exists in the way that Windows Schannel on a client machine validates server-sent digital signatures. An attacker could host a specially crafted Web site that is designed to exploit these vulnerabilities through an Internet Web browser and then convince a user to view the Web site. **Recommendations** For Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.