The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Windows_2000 | Microsoft | - (including) | - (including) |
Windows_server_2003 | Microsoft | - (including) | - (including) |
Windows_xp | Microsoft | - (including) | - (including) |