Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft WINS multiple security vulnerabilities
updated since 11.08.2009
Published:12.08.2009
Source:
SecurityVulns ID:10142
Type:remote
Threat Level:
7/10
Description:Integer overflow, heap buffer overflow.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2003 Server
CVE:CVE-2009-1924 (Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability.")
 CVE-2009-1923 (Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability.")
Original documentdocumentZDI, ZDI-09-053: Microsoft Windows WINS Service Heap Overflow Vulnerability (12.08.2009)
 documentMICROSOFT, Microsoft Security Bulletin MS09-039 - Critical Vulnerabilities in WINS Could Allow Remote Code Execution (969883) (11.08.2009)
Files:Microsoft Security Bulletin MS09-039 - Critical Vulnerabilities in WINS Could Allow Remote Code Execution (969883)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod