Reported February 26, 2001, by Microsoft.
VERSIONS
AFFECTED
DESCRIPTION
A buffer overflow has been discovered in the
Event Viewer of Microsoft Windows 2000 OSs. The problem can let an attacker cause arbitrary code to execute on the OS in the security context of the user viewing a particular malformed event log entry. The problem is compounded by the fact that unprivileged processes can write events into the Application and System logs.
VENDOR RESPONSE
Microsoft has released a security bulletin, MS01-013,
and a patch to address the issue.
CREDIT
Discovered by Blake Watts at Guardent.