Windows Task Scheduler buffer overflow

2006-09-05T00:00:00
ID SAINT:44C1E308B5817CDC2361D8945EE168CB
Type saint
Reporter SAINT Corporation
Modified 2006-09-05T00:00:00

Description

Added: 09/05/2006
CVE: CVE-2004-0212
BID: 10708
OSVDB: 7798

Background

The Windows Task Scheduler is used to schedule commands to run at specified times.

Problem

A buffer overflow vulnerability in the Task Scheduler could allow command execution when a specially crafted **.job** file is processed.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 04-022.

References

<http://archives.neohapsis.com/archives/bugtraq/2004-07/0133.html>

Limitations

Exploit works on Windows XP SP0 and SP1.

A user must download the job file into a folder and open the folder in Windows Explorer in order for the exploit to succeed.

Platforms

Windows XP