Microsoft Windows XP TSShutdn.exe Remote Denial of Service Vulnerability

Bugtraq ID:	12889
Class:	Access Validation Error
CVE:	CVE-2005-0904
Remote:	Yes
Local:	No
Published:	Mar 23 2005 12:00AM
Updated:	Jul 12 2009 11:56AM
Credit:	Discovery is credited to Juha-Matti Laurio <[email protected]>.
Vulnerable:	Microsoft Windows XP Tablet PC Edition SP1 Microsoft Windows XP Professional SP1 Microsoft Windows XP Media Center Edition SP1 Microsoft Windows XP Home SP1
Not Vulnerable:	Microsoft Windows XP Tablet PC Edition SP2 Microsoft Windows XP Professional SP2 Microsoft Windows XP Media Center Edition SP2 Microsoft Windows XP Home SP2

Microsoft Windows XP TSShutdn.exe Remote Denial of Service Vulnerability

Microsoft Windows XP is prone to a remote denial of service vulnerability. This issue can allow a remote unauthorized user to shutdown an affected computer.

A remote attacker uses the TSShutdn.exe command to restart or shutdown a computer.

It should be noted that the exploitation of this vulnerability may require the attacker to be part of the same domain. This BID will be updated when more information is available.

Microsoft Windows XP Service Pack 1 is affected by this issue.

Microsoft Windows XP TSShutdn.exe Remote Denial of Service Vulnerability

An exploit is not required.

The following proof of concept is available:

Tsshutdn 0 /SERVER:yyyzzz /DELAY:0

Microsoft Windows XP TSShutdn.exe Remote Denial of Service Vulnerability

Solution:
Microsoft has released a hotfix to address this issue. Please contact the vendor to obtain the fix.

Microsoft Windows XP TSShutdn.exe Remote Denial of Service Vulnerability

References:

• 889323 - Non-administrative users can remotely shut down a Windows XP (Microsoft)