Alias(es)MS.WINS.Arbitrary.Memory.Write.C |
Release DateSep 11, 2006 |
Severitycritical |
ImpactAn attacker who has successfully exploited this vulnerability could have complete control of the affected system. |
DescriptionThis indicates a possible attempt to exploit a vulnerability in Microsoft WINS server.Microsoft Windows Internet Naming Service (WINS) provides a service that maps NETBIOS names to IP addresses. It has been reported that WINS has a vulnerability in its replication protocol which allows a remote user to specify the location of the association context. By controlling the location and contents of this data structure, a remote attacker can overwrite a small block of memory at an arbitrary location. |
Affected ProductsAny unprotected WINS server running on Microsoft Windows NT 4.0 Server, Microsoft Windows 2000 Server, and Microsoft Windows 2003 Server is vulnerable. |
Recommended ActionsApply the appropriate patch, as specified in Microsoft Security Bulletin MS04-045:http://www.microsoft.com/technet/security/bulletin/MS04-045.mspx |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2004-1080 |
Reference/shttp://www.kb.cert.org/vuls/id/145134http://technet.microsoft.com/en-us/security/bulletin/MS04-045.mspx (MS-ID) |
