Microsoft has released a patch for a vulnerability in Microsoft® Windows NT® 4.0. The vulnerability could enable a user to execute arbitrary code on a Windows NT machine under certain conditions. The security descriptor that secures the Remote Access Connection Manager, RASMAN.EXE, contains an inappropriate ACE in its DACL that would allow an unprivileged user to submit requests to it via the Service Control Manager. Among the actions that could be requested is changing the location and name of the executable code for the service. By doing so, a malicious user could substitute arbitrary code for the legitimate service, which would then run in the System context.
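To check other services for the same class of weakness, the following added example (not part of the bulletin and not Microsoft's code) audits a service DACL for allow ACEs that give broad groups the right to reconfigure the service. It generalizes beyond the NT 4.0 case by reading descriptors as SDDL strings of the kind `sc sdshow <service>` prints on current Windows versions. The function names and both sample descriptors are constructed for illustration, and the samples are not the actual RASMAN descriptor.

```python
import re

# Service-object meaning of SDDL right codes that let a caller take over a
# service: repoint its executable, or rewrite the DACL/owner and then do so.
TAKEOVER = {
    "DC": 0x00000002,  # SERVICE_CHANGE_CONFIG (binary path, logon account)
    "WD": 0x00040000,  # WRITE_DAC
    "WO": 0x00080000,  # WRITE_OWNER
    "GW": 0x40000000,  # GENERIC_WRITE (maps to SERVICE_CHANGE_CONFIG, among others)
    "GA": 0x10000000,  # GENERIC_ALL
}
# SDDL trustee aliases that cover unprivileged users.
BROAD = {"WD": "Everyone", "AU": "Authenticated Users", "BU": "Users",
         "IU": "Interactive", "NU": "Network", "AN": "Anonymous", "BG": "Guests"}

def takeover_rights(rights):
    """Return the takeover codes present in an ACE rights field (letters or hex mask)."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
        return sorted(c for c, bit in TAKEOVER.items() if mask & bit)
    pairs = [rights[i:i + 2] for i in range(0, len(rights), 2)]
    return sorted(c for c in pairs if c in TAKEOVER)

def audit_service_sddl(sddl):
    """List (trustee, rights) for allow ACEs in the DACL that hand takeover
    rights to a broad group. Deny ACEs and the SACL are ignored."""
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1) if dacl else ""):
        fields = ace.split(";")  # type;flags;rights;object;inherit_object;trustee
        if len(fields) != 6 or fields[0] != "A":
            continue
        bad = takeover_rights(fields[2])
        if bad and fields[5] in BROAD:
            findings.append((BROAD[fields[5]], bad))
    return findings

# Constructed descriptors (not the real RASMAN one), in `sc sdshow` format.
WEAK = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
        "(A;;CCDCLCSWRPWPDTLOCRRC;;;WD)")
FIXED = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
         "(A;;CCLCSWLOCRRC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")

if __name__ == "__main__":
    for name, sd in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(name, audit_service_sddl(sd) or "no broad takeover ACE")
```

A finding means the listed group can change the service's executable path or its permissions; the check does not evaluate deny ACEs, so confirm any hit against the full descriptor.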