Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   nslookup Vendors:   Microsoft
Windows nslookup Bug May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1020711
SecurityTracker URL:
CVE Reference:   CVE-2008-3648   (Links to External Site)
Date:  Aug 19 2008
Impact:   Execution of arbitrary code via network, User access via network

Description:   A vulnerability was reported in nslookup on Microsoft Windows XP. A remote user may be able to cause arbitrary code to be executed on the target user's system.

When the target user enters an nslookup zone transfer command, the remote DNS server can return a specially crafted response to execute arbitrary code on the target system. Other commands may be affected.

The original advisory is available at:

The report notes that this vulnerability is being actively exploited.

Ivan Sanchez reported this vulnerability.

Impact:   A remote server can return a response to a user-generated nslookup command that, when processed by the target nslookup application, will execute arbitrary code on the target user's system.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Not specified
Underlying OS:  Windows (XP)

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, LLC