NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Windows_2000 | Microsoft | * | * |
| Windows_nt | Microsoft | 4.0 (including) | 4.0 (including) |
| Windows_nt | Microsoft | 4.0-sp1 (including) | 4.0-sp1 (including) |
| Windows_nt | Microsoft | 4.0-sp2 (including) | 4.0-sp2 (including) |
| Windows_nt | Microsoft | 4.0-sp3 (including) | 4.0-sp3 (including) |
| Windows_nt | Microsoft | 4.0-sp4 (including) | 4.0-sp4 (including) |
| Windows_nt | Microsoft | 4.0-sp5 (including) | 4.0-sp5 (including) |
| Windows_nt | Microsoft | 4.0-sp6 (including) | 4.0-sp6 (including) |
| Windows_nt | Microsoft | 4.0-sp6a (including) | 4.0-sp6a (including) |
| Windows_xp | Microsoft | * | * |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-09/0211.html
- http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3B319458
- http://www.abtrusion.com/msexe16.asp
- http://www.iss.net/security_center/static/10132.php
- http://www.securityfocus.com/bid/5740
- http://archives.neohapsis.com/archives/bugtraq/2002-09/0211.html
- http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3B319458
- http://www.abtrusion.com/msexe16.asp
- http://www.iss.net/security_center/static/10132.php
- http://www.securityfocus.com/bid/5740