CVE-2002-2401 Information

Description

NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000 NT and XP does not verify user execution permissions for 16-bit executable files which allows local users to bypass the loader and execute arbitrary programs.

Reference

http://archives.neohapsis.com/archives/bugtraq/2002-09/0211.html http://support.microsoft.com/default.aspx?scid=kb;[LN];319458 http://www.abtrusion.com/msexe16.asp http://www.iss.net/security_center/static/10132.php http://www.securityfocus.com/bid/5740