Oval Definition:oval:org.mitre.oval:def:331
Revision Date:2011-10-03Version:50
Title:Windows XP Workstation Service Logging Function Buffer Overflow
Description:Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2003-0812
Platform(s):Microsoft Windows XP
Product(s):Microsoft Windows Workstation Service
Definition Synopsis
  • Software section
  • a vulnerable version of wkssvc.dll exists
  • no service pack is installed and wkssvc.dll is less than 5.1.2600.120
  • NOT Win2K/XP/2003 is patched
  • AND the version of wkssvc.dll is less than 5.1.2600.120
  • OR service pack 1 is installed and wkssvc.dll is less than 5.1.2600.1301
  • Win2K/XP/2003/Vista service pack 1 is installed
  • AND the version of wkssvc.dll is less than 5.1.2600.1301
  • AND NOT the patch q828035 is installed (Hotfix key)
  • AND Windows XP (sp1 or earlier) is installed
  • Windows XP is installed
  • AND NOT Win2K/XP/2003 service pack 2 (or later) is installed
  • AND Configuration section
  • the workstation service is enabled
    • BACK