| VID |
26024 |
| Severity |
30 |
| Port |
|
| Protocol |
IrDA |
| Class |
SMB |
| Detailed Description |
The hotfix (q252795) for the 'IrDA access violation' problem has not been applied. Access violation in Windows 2000 IrDA driver can allow an attacker who is physically near the Windows 2000 host to shut it down using a remote control.
Windows 2000 provides support for infrared-based connectivity. This support is provided through protocols developed by the Infrared Data Association (IrDA). IrDA allows a variety of devices to communicate with each other such as cameras, printers, portable computers, desktop computers, and personal digital assistants (PDAs). This also allows other devices and programs to communicate with Windows 2000 through the IrDA interface for activities such as file and print sharing. The software which handles IrDA devices in Windows 2000 contains an unchecked buffer in the code which handles certain IrDA packets. It is possible for an attacker to send a specially crafted IrDA packet to the victim's system which will conduct a buffer overflow attack and cause an access violation on the system, forcing a reboot. But it cannot be used to run malicious code on the user's system.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* Platforms Affected:
Microsoft Windows 2000
* References:
http://www.microsoft.com/technet/security/bulletin/ms01-046.asp
http://www.microsoft.com/windows2000/downloads/critical/q252795/default.asp |
| Recommendation |
Microsoft has released a patch (q252795) for this vulnerability that can be downloaded from: http://www.microsoft.com/windows2000/downloads/critical/q252795/default.asp |
| Related URL |
CVE-2001-0659 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
