A flaw found in Microsoft's software could be exploited to cause a DoS (denial-of-service) attack on certain applications, although the bug isn't viewed as being severe.
The flaw could be exploited through a buffer overflow attack, security vendor Secunia reported yesterday. A buffer overflow occurs when excess data flows into an area of memory, spilling over so that it overwrites data in adjacent areas or causes unintended code to execute.
For the attack to occur, a user would have to be lured into visiting a malicious website with an overly long URL, or else opening an internet shortcut that leads to such a site.
Secunia rated the vulnerability as "less critical", the second-lowest severity rating on its five-level scale. The flaw could be used to crash applications, but a hacker might not be able to run malicious code thanks to a prevention mechanism in Windows, the company said.
The problem affects the Home and Professional editions of Microsoft Windows XP Service Pack 2.0, and four versions of Windows Server 2003: Datacenter, Enterprise, Standard and Web edition, Secunia said. It's advisory is here.