CERT-In Vulnerability Note
CIVN-2003-0003
Flaw in Windows function could allow Denial of Service
Original Issue Date: July 26, 2003
Severity Rating: MEDIUM
Systems Affected
Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0 Terminal Server Edition
Overview
A flaw exists in a Windows NT 4.0 Server file management function that can lead to a denial of service. When a specially crafted request is passed to the affected function, the function can free memory that it does not own. If the application making the request does not validate user input and allows the specially crafted request to reach the function, the application passing the request could fail as a result.
Impact
This is a denial of service vulnerability. An attacker who successfully exploited the vulnerability could cause an application running on a Windows NT 4.0 Server system to fail.
Description
The flaw is in the way Windows NT 4.0 Server carries out certain memory operations relating to a Windows function. When overly long parameters are passed to the File Management function, the server may incorrectly free memory that is not actually owned by the function. The application that passes the request might therefore stop working. Typically, applications that require information about the file system make requests to the function.
An attacker may exploit this vulnerability by using another application to send a specially crafted request to the affected File Management function, causing the application running on a Windows NT 4.0 Server system to fail. By default, the affected function is not accessible remotely; however, applications installed on the operating system that are available remotely may make use of the affected function. Application servers and Web servers are two such applications that may access the function. Note that Internet Information Server 4.0 (IIS 4.0) does not, by default, make use of the affected function.
If the application calling the affected file management function carries out input validation, the specially crafted request may not be passed to the vulnerable function. The vulnerability cannot be used to cause Windows NT 4.0 Server itself to fail; only the application that makes the request may fail.
As per Microsoft Security Bulletin MS03-029, Microsoft tested Windows NT 4.0 Server, Windows 2000, Windows XP and Windows Server 2003 to assess whether they are affected by these vulnerabilities. Previous versions may or may not be affected by these vulnerabilities.
Solution
Apply the appropriate patch as specified by Microsoft Security Bulletin MS03-029.
Microsoft Windows NT Server 4.0 SP6a: Microsoft Patch Q823803i.EXE
http://microsoft.com/downloads/details.aspx?FamilyId=8FF8CA3E-D546-4FAF-851F-FFBE2490B901&displaylang=en
Microsoft Windows NT Terminal Server 4.0 SP6: Microsoft Patch Q823803i.EXE
http://microsoft.com/downloads/details.aspx?FamilyId=5C46460D-3887-4D5F-B142-F505BB208797&displaylang=en
Vendor Information
Microsoft: Please see Microsoft Security Bulletin MS03-029.
References
CVE Reference: CAN-2003-0525
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0525
Security Focus
http://www.securityfocus.com/bid/8259
Microsoft Security Bulletin MS03-029
http://microsoft.com/technet/security/bulletin/MS03-029.asp
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in
Phone: +91-11-2436857
Postal address
Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi - 110 003, India