Rodrigo Gutierrez, a researcher with Trustix AS, notified Microsoft of the flaw with a warning that it could be exploited by malicious attackers to cause a buffer overflow and lead to system takeover.
Microsoft confirmed Gutierrez’s findings in an advisory and recommended users install the latest service packs for Windows XP and Windows 2000. The software giant said the hole was fixed in the service packs but independent security consultants Secunia said the vulnerability “has been confirmed on fully patched systems running Windows XP and Windows 2000.”
See the complete story on internetnews.com.