Executive Summary
| Informations | |||
|---|---|---|---|
| Name | MS04-045 | First vendor Publication | N/A |
| Vendor | Microsoft | Last vendor Modification | N/A |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Vulnerability in WINS Could Allow Remote Code Execution (870763) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:1549 | |||
| Oval ID: | oval:org.mitre.oval:def:1549 | ||
| Title: | WINS Association Context Vulnerability (64-bit Server 2003, Test 1) | ||
| Description: | The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2004-1080 | Version: | 1 |
| Platform(s): | Microsoft Windows Server 2003 | Product(s): | Windows Internet Naming Service (WINS) |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:2541 | |||
| Oval ID: | oval:org.mitre.oval:def:2541 | ||
| Title: | WINS Association Context Vulnerability (Windows 2000) | ||
| Description: | The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2004-1080 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:2734 | |||
| Oval ID: | oval:org.mitre.oval:def:2734 | ||
| Title: | WINS Association Context Vulnerability (Terminal Server Test 1) | ||
| Description: | The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2004-1080 | Version: | 2 |
| Platform(s): | Microsoft Windows NT | Product(s): | Windows Internet Naming Service (WINS) |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:3677 | |||
| Oval ID: | oval:org.mitre.oval:def:3677 | ||
| Title: | WINS Association Context Vulnerability (64-bit Server 2003, Test 2) | ||
| Description: | The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2004-1080 | Version: | 1 |
| Platform(s): | Microsoft Windows Server 2003 | Product(s): | Windows Internet Naming Service (WINS) |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:4372 | |||
| Oval ID: | oval:org.mitre.oval:def:4372 | ||
| Title: | WINS Association Context Vulnerability (Terminal Server Test 2) | ||
| Description: | The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2004-1080 | Version: | 3 |
| Platform(s): | Microsoft Windows NT | Product(s): | Windows Internet Naming Service (WINS) |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:4831 | |||
| Oval ID: | oval:org.mitre.oval:def:4831 | ||
| Title: | WINS Association Context Vulnerability (NT 4.0) | ||
| Description: | The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2004-1080 | Version: | 3 |
| Platform(s): | Microsoft Windows NT | Product(s): | Windows NT 4.0 |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
SAINT Exploits
| Description | Link |
|---|---|
| Microsoft WINS replication service pointer corruption | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 2010-09-20 | Microsoft WINS Service Memory Overwrite |
| 2005-04-12 | MS Windows (WINS) Remote Buffer Overflow Exploit (v.3) |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 12378 | Microsoft Windows WINS Association Context Validation Remote Code Execution Microsoft Windows Server contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to an error in 'WINS.EXE' when handling replication packets. By sending a specially crafted WINS replication packet containing a modified memory pointer, a remote attacker could execute arbitrary code resulting in a loss of integrity. |
| 12370 | Microsoft Windows WINS Computer Name Validation Remote Code Execution A remote overflow exists in Microsoft Windows. WINS fails to perform proper bounds checking on the 'name' parameter on incoming WINS packets resulting in a buffer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Windows WINS overflow attempt RuleID : 3017-community - Revision : 17 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows WINS overflow attempt RuleID : 3017 - Revision : 17 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows WINS association context validation overflow attempt RuleID : 18320 - Revision : 6 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows WINS overflow attempt RuleID : 11684 - Revision : 8 - Type : OS-WINDOWS |
Metasploit Database
| id | Description |
|---|---|
| 2004-12-14 | MS04-045 Microsoft WINS Service Memory Overwrite |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2004-12-15 | Name : Arbitrary code can be executed on the remote host. File : wins_replication_overflow.nasl - Type : ACT_GATHER_INFO |
| 2004-12-14 | Name : Arbitrary code can be executed on the remote host via the WINS service. File : smb_nt_ms04-045.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2020-05-23 13:17:12 |
|
| 2016-03-06 09:24:50 |
|
| 2016-03-06 05:24:18 |
|
| 2014-02-17 11:45:06 |
|
| 2014-01-19 21:29:53 |
|
| 2013-05-11 12:21:38 |
|
