Microsoft Windows XP, 2000 and Server 2003 contain a vulnerability that could allow a remote attacker to trigger a buffer overflow on the affected system.
The vulnerability exists due to improper bounds checking in the Print Spooler service. An attacker could exploit this vulnerability by supplying a message containing excessive data to the print spooler. This allows the attacker to trigger a buffer overflow, resulting in a denial of service (DoS) condition on XP Service Pack 2 and Server 2003 systems. An attacker could also exploit this vulnerability to execute arbitrary code with SYSTEM privileges on Windows 2000 and XP systems. This allows the attacker to install programs, modify data, and create additional user accounts.
Exploit code is reportedly available.
Patches are available.