Microsoft Windows WINS Multiple Vulnerabilities( 12 August 2009 )

Last Update Date: 28 Jan 2011 Release Date: 12 Aug 2009 4589 Views

RISK: Medium Risk

Medium Risk

1. WINS Heap Overflow Vulnerability

A remote code execution vulnerability exists in the Windows Internet Name Service (WINS) due to a buffer overflow caused by incorrect calculation of buffer length when processing specially crafted WINS network packets. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.

2. WINS Integer Overflow Vulnerability

A remote code execution vulnerability exists in the default configuration of the Windows Internet Name Service (WINS) due to insufficient validation of data structures within specially crafted WINS network packets received from a trusted WINS replication partner.

Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Windows 2000
  • Windows Server 2003

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Download locations for this patch

Vulnerability Identifier

Source

Related Link

Share with

Previous

Microsoft Windows Message Queuing service (MSMQ) Null Pointer Vulnerability( 12 August 2009 )

12 Aug 2009 4592 Views

Next

Apple Safari Code Execution and Security Bypass Vulnerabilities

13 Aug 2009 4860 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY