Synopsis: Windows NT Message Compiler 1.00.5239 arbitrary code execution Product: Microsoft Windows XP Issue: ====== A critical security vulnerability has been found in Windows NT Message Compiler. Arbitrary code execution might be possible (local exploitation possible only). Details: ======== MC (Windows NT Message Compiler) when provided a MC-filename longer than requested crashed due to memory corruption. Memory corruption conditions might allow the attacker to escalate privilleges. When overwriting the buffer with "A" (0x41): Unhandled exception at 0x01003468 in MC.EXE: 0xC0000005: Access violation reading location 0x41414141. First-chance exception at 0x01003468 in MC.EXE: 0xC0000005: Access violation reading location 0x41414141. Affected Versions ================= Microsoft (R) Message Compiler Version 1.00.5239 Solution ========= Proper bounds-checking. Kind regards, Michal Bucko (sapheal) hack.pl
