[原文]Buffer overflow in Microsoft Msinfo32.exe might allow local users to execute arbitrary code via a long filename in the msinfo_file command line parameter. NOTE: this issue might not cross security boundaries, so it may be REJECTED in the future.
Microsoft Windows 2000 msinfo32.exe msinfo_file Variable Overflow
Local Access Required
Denial of Service,
Loss of Integrity,
Loss of Availability
A local overflow exists in Microsoft Windows. The 'msinfo32.exe' application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request to the 'msinfo_file' variable containing 259 characters or more, a malicious user may cause the application to crash resulting in a loss of availability.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.