Microsoft WINS Memory Overwrite Lets Remote Users Execute Arbitary Code
|
|
SecurityTracker Alert ID: 1012341 |
|
SecurityTracker URL: http://securitytracker.com/id/1012341
|
|
CVE Reference:
CAN-2004-1080
(Links to External Site)
|
Updated: Dec 1 2004
|
Original Entry Date: Nov 27 2004
|
Impact:
Execution of arbitrary code via network, User access via network
|
|
|
Description:
A vulnerability was reported in Microsoft Windows in 'wins.exe'. A remote user can execute arbitrary code on the target system.
Nicolas Waisman from Immunity reported that a remote user can send a specially crafted WINS packet to the target server on TCP port 42 to modify a memory pointer and write arbitrary contents to arbitrary memory locations. A remote user can execute arbitrary code on the target system.
The original advisory is available at:
http://www.immunitysec.com/downloads/instantanea.pdf
|
Impact:
A remote user can execute arbitrary code on the target system.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.microsoft.com/ (Links to External Site)
|
Cause:
Access control error, Input validation error
|
Underlying OS:
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: 26 Nov 2004 19:46:08 -0000
Subject: Immunity, Inc Advisor
|
Hola (Hello),
A new vulnerability in wins that allows for remote unauthenticed system access, has been released from immunty's Vulnerability
Sharing Club to general canvas customers. Information on some research I did regarding this vuln can be found here:
http://www.immunitysec.com/downloads/instantanea.pdf
http://www.immunitysec.com/downloads/instantanea.sxw
Thanks
Nicolas Waisman
Immunity, Inc
http://www.immunitysec.com
Phone: 646-327-842
|
|
