Skip to main content

Microsoft Windows WINS Multiple Vulnerabilities( 12 August 2009 )

Last Update Date: 28 Jan 2011 Release Date: 12 Aug 2009 5165 Views

RISK: Medium Risk

1. WINS Heap Overflow Vulnerability

A remote code execution vulnerability exists in the Windows Internet Name Service (WINS) due to a buffer overflow caused by incorrect calculation of buffer length when processing specially crafted WINS network packets. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.

2. WINS Integer Overflow Vulnerability

A remote code execution vulnerability exists in the default configuration of the Windows Internet Name Service (WINS) due to insufficient validation of data structures within specially crafted WINS network packets received from a trusted WINS replication partner.


Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Windows 2000
  • Windows Server 2003

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Download locations for this patch


Vulnerability Identifier


Source


Related Link