CVE-2003-0533

Name of the Vulnerable Software and Affected Versions Microsoft Windows NT 4.0 SP6a Microsoft Windows 2000 SP2 through SP4 Microsoft Windows XP SP1 Microsoft Windows Server 2003 Microsoft NetMeeting Microsoft Windows 98 Microsoft Windows ME

Description A stack-based buffer overflow issue exists in certain Active Directory service functions within the Local Security Authority Subsystem Service (LSASS) due to the creation of long debug entries for the DCPROMO.LOG log file by the DsRolerUpgradeDownlevelServer function. This allows remote attackers to execute arbitrary code. The issue has been exploited by the Sasser worm.

Recommendations For Microsoft Windows NT 4.0 SP6a, apply the necessary patch to fix the issue. For Microsoft Windows 2000 SP2 through SP4, apply the necessary patch to fix the issue. For Microsoft Windows XP SP1, apply the necessary patch to fix the issue. For Microsoft Windows Server 2003, apply the necessary patch to fix the issue. For Microsoft NetMeeting, apply the necessary patch to fix the issue. For Microsoft Windows 98 and Windows ME, apply the necessary patch to fix the issue.