PT-2009-2903 · Microsoft · Windows Print Spooler Service
Jun Mao · Published 2009-06-10 · Updated 2018-10-12 · CVE-2009-0228
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Microsoft Windows 2000 SP4
Description
A remote code execution issue exists in the Windows Print Spooler Service, allowing a remote, unauthenticated attacker to execute arbitrary code on an affected system. This could enable the attacker to take complete control of the system, install programs, view, change, or delete data, or create new accounts. The issue is related to a stack-based buffer overflow in the EnumeratePrintShares function in win32spl.dll, which can be triggered by a crafted ShareName in a response to an RPC request.
Recommendations
For Microsoft Windows 2000 SP4, apply the necessary patch to fix the buffer overflow in the Print Spooler Service to prevent remote code execution.
As a temporary workaround, consider restricting access to the Windows Print Spooler Service until a patch is available.
Fix
RCE
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Windows
Windows 2000
Windows Print Spooler Service