CERTVU:228028Microsoft Windows Task Scheduler Buffer Overflow
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.6%
Overview
Microsoft Windows Task Scheduler has a buffer overflow that may allow a remote or local intruder to execute arbitrary code.
Description
Microsoft Windows Task Scheduler (Mstask.dll) is a COM-based API (ActiveX control) that provides a scheduling service for executing arbitrary commands on a system. It contains a buffer overflow that is reported to be caused by failing to properly check some attribute of the names of the commands the scheduler is tasked to execute. Exploitation of this overflow could allow an intruder to execute arbitrary code if the intruder can convince the victim to visit a malicious web page or, in some circumstances, open a malicious email message, or a file with the extension .JOB. For more information, see Microsoft Security Bulletin MS04-022.
Microsoft Windows Server 2003 is reportedly not affected by this issue.
Impact
An intruder could execute arbitrary code with the privileges of the user logged into a vulnerable system.
Solution
Apply a patch as described in Microsoft Security Bulletin MS04-022.
Vendor Information
228028
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Microsoft Corporation __ Affected
Updated: July 13, 2004
Status
Affected
Vendor Statement
Please see Microsoft Security Bulletin MS04-022.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23228028 Feedback>).
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- <http://www.microsoft.com/technet/security/bulletin/ms04-022.mspx>
- <http://www.microsoft.com/technet/prodtechnol/windows2000serv/evaluate/featfunc/taskschd.mspx>
Acknowledgements
Thanks to Microsoft for reporting this vulnerability in MS04-022.
This document was written by Jeffrey S. Havrilla based on information provided by Microsoft.
Other Information
| CVE IDs: | CVE-2004-0212 |
|---|---|
| Severity Metric: | 46.58 Date Public: |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.6%