CVE-2002-0366

Name of the Vulnerable Software and Affected Versions Windows NT versions 4.0 Windows 2000 Windows XP Routing and Remote Access Server (RRAS)

Description A buffer overflow issue exists in the Remote Access Service (RAS) phonebook, allowing local users to execute arbitrary code. This is achieved by modifying the rasphone.pbk file to use a long dial-up entry.

Recommendations For Windows NT 4.0, consider restricting access to the rasphone.pbk file to prevent unauthorized modifications. For Windows 2000, avoid using long dial-up entries in the RAS phonebook until a fix is available. For Windows XP, restrict access to the RAS phonebook to minimize the risk of exploitation. For Routing and Remote Access Server (RRAS), consider disabling the RAS phonebook feature as a temporary workaround until a patch is available.