Windows Telephony API buffer overflow

2007-06-12T00:00:00
ID SAINT:F0CCBA79891EC69AFBE14E3B1AC55891
Type saint
Reporter SAINT Corporation
Modified 2007-06-12T00:00:00

Description

Added: 06/12/2007
CVE: CVE-2005-0058
BID: 14518
OSVDB: 18606

Background

The Windows Telephony API (TAPI) provides telecommunications support for Windows applications.

Problem

A buffer overflow in the Windows Telephony API allows local attackers to execute commands with administrative privileges.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 05-040.

References

<http://www.microsoft.com/technet/security/bulletin/ms05-040.mspx>

Limitations

The Telephony service must be running on the target in order for this exploit to succeed.

Platforms

Windows 2000