| VID |
28087 |
| Severity |
40 |
| Port |
1025 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
According to the result of remote Task Scheduler test, the hotfix (KB841873) for the 'Vulnerability in Task Scheduler' seems not to have been applied.
A remote code execution vulnerability exists in the Task Scheduler because of the way that it handles application name validation. An attacker who successfully exploited this vulnerability could take complete control of an affected system. There are many ways that a system could be vulnerable to this attack. Here are some examples:
- An attacker could host a malicious Web site that is designed to exploit this vulnerability through Internet Explorer and then persuade a user to view the Web site.
- An attacker could add a specially crafted .job file to the local file system or to a network share and then persuade the user to view the folder by using Windows Explorer.
- An attacker could also access the affected component through another vector. For example, an attacker could log on to the system interactively or by using another program that passes parameters to the vulnerable component (locally or remotely).
* References:
http://www.microsoft.com/technet/security/bulletin/ms04-022.mspx
* Platforms Affected:
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 |
| Recommendation |
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS04-022 at http://www.microsoft.com/technet/security/bulletin/ms04-022.mspx
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com . Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2004-0205 (CVE) |
| Related URL |
10706 (SecurityFocus) |
| Related URL |
16578 (ISS) |
|
