Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Microsoft Windows WINS Server Buffer Overflow Vulnerability

Feb 10, 2004 5:18AM PST

Critical:
Moderately critical
Impact: DoS
System access

Where: From local network



OS: Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Server
Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0 Server, Terminal Server Edition
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition




CVE reference: CAN-2003-0825



Description:
Qualys has discovered a vulnerability in certain versions of Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

The vulnerability is caused due to a boundary error in WINS (Windows Internet Naming Service) when validating the length of certain packets. This can be exploited to cause a buffer overflow by sending a series of specially crafted packets to a vulnerable WINS server.


More: http://www.secunia.com/advisories/10835/

Discussion is locked