A new flaw found in Microsoft's Windows software could be exploited to cause a denial-of-service attack on certain applications, although the bug isn't viewed as being severe.
The flaw could be exploited through a buffer overflow attack, according to security vendor Secunia. A buffer overflow occurs when excess data flows into an area of memory, spilling over so that it overwrites data in adjacent areas or causes unintended code to execute.
The problem affects the Home and Professional editions of Microsoft Windows XP Service Pack 2, and four versions of Windows Server 2003: Datacenter, Enterprise, Standard and Web edition, Secunia said.
For the attack to occur, a user would have to be lured into visiting a malicious Web site with a overly-long URL (uniform resource locator), or else opening an Internet shortcut that leads to such a site.
Microsoft said on Friday that it was investigating the flaw and that it wasn't aware of any attacks yet taking advantage of it.
Secunia rated the vulnerability as "less critical," the second-lowest severity rating on its five-level scale. The flaw could be used to crash applications, but a hacker might not be able to run malicious code thanks to a prevention mechanism in Windows, the company said.