SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   nslookup Vendors:   Microsoft
Windows nslookup Bug May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1020711
SecurityTracker URL:  http://securitytracker.com/id/1020711
CVE Reference:   CVE-2008-3648   (Links to External Site)
Date:  Aug 19 2008
Impact:   Execution of arbitrary code via network, User access via network


Description:   A vulnerability was reported in nslookup on Microsoft Windows XP. A remote user may be able to cause arbitrary code to be executed on the target user's system.

When the target user enters an nslookup zone transfer command, the remote DNS server can return a specially crafted response to execute arbitrary code on the target system. Other commands may be affected.

The original advisory is available at:

http://packetstormsecurity.org/0808-advisories/Nslookup-Crash.txt

The report notes that this vulnerability is being actively exploited.

Ivan Sanchez reported this vulnerability.

Impact:   A remote server can return a response to a user-generated nslookup command that, when processed by the target nslookup application, will execute arbitrary code on the target user's system.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.microsoft.com/ (Links to External Site)
Cause:   Not specified
Underlying OS:  Windows (XP)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC