Vigil@nce: Windows, buffer overflow via WMS nskey.dll
August 2008 by Vigil@nce
SYNTHESIS
A remote attacker can create a malicious website that uses the
Windows Media Services ActiveX control in order to trigger a buffer
overflow and thus execute code on the victim’s computer.
Gravity: 2/4
Consequences: privileged access/rights
Provenance: internet server
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 25/08/2008
Identifier: VIGILANCE-VUL-8050
IMPACTED PRODUCTS
– Microsoft Windows 2000 [confidential versions]
DESCRIPTION
Windows Media Services (WMS) is a streaming server that uses ActiveX
controls.
WMS provides a vulnerable function, "CallHTMLHelp", in the
"nskey.dll" file.
An attacker can create a website that calls this function in a
malicious way. This generates a buffer overflow, which makes it
possible to execute code on the victim’s computer.
CHARACTERISTICS
Identifiers: VIGILANCE-VUL-8050