Flaw Found in Windows XP, Server 2003

Security hold could lead to denial-of-service attacks on certain applications.

Jeremy Kirk, IDG News Service

A new flaw found in Microsoft's software could be exploited to cause a denial-of-service attack on certain applications, although the bug isn't viewed as being severe.

The flaw could be exploited through a buffer overflow attack, security vendor Secunia reported this week. A buffer overflow occurs when excess data flows into an area of memory, spilling over so that it overwrites data in adjacent areas or causes unintended code to execute.

For the attack to occur, a user would have to be lured into visiting a malicious Web site with a overly-long URL, or else opening an Internet shortcut that leads to such a site.

No Attacks Yet

Microsoft said today that it was investigating the flaw and that it wasn't aware of any attacks yet taking advantage of it.

Secunia rated the vulnerability as "less critical," the second-lowest severity rating on its five-level scale.

The flaw could be used to crash applications, but a hacker might not be able to run malicious code thanks to a prevention mechanism in Windows, the company said.

The problem affects the Home and Professional editions of Microsoft Windows XP Service Pack 2, and four versions of Windows Server 2003: Datacenter, Enterprise, Standard and Web edition, Secunia said.

The advisory is available online.