Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in WINS Could Allow Remote Code Execution (969883) |
Informations | |||
---|---|---|---|
Name | MS09-039 | First vendor Publication | 2009-08-11 |
Vendor | Microsoft | Last vendor Modification | 2009-08-12 |
Severity (Vendor) | Critical | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.1 (August 12, 2009): Updated the Affected Software table to list KB961064 as the only KB replaced by this update in Microsoft Security Bulletin MS09-008Summary: This security update resolves two privately reported vulnerabilities in the Windows Internet Name Service (WINS). Either vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system version. Only customers who manually install this component are affected by this issue. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS09-039.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6354 | |||
Oval ID: | oval:org.mitre.oval:def:6354 | ||
Title: | WINS Integer Overflow Vulnerability | ||
Description: | Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1924 | Version: | 1 |
Platform(s): | Microsoft Windows 2000 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6410 | |||
Oval ID: | oval:org.mitre.oval:def:6410 | ||
Title: | WINS Heap Overflow Vulnerability | ||
Description: | Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1923 | Version: | 1 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows Server 2003 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 | |
Os | 3 |
ExploitDB Exploits
id | Description |
---|---|
2003-10-09 | MS Windows (RPC2) Universal Exploit & DoS (RPC3) (MS03-039) |
OpenVAS Exploits
Date | Description |
---|---|
2009-08-13 | Name : Microsoft Windows WINS Remote Code Execution Vulnerability (969883) File : nvt/secpod_ms09-039.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
56900 | Microsoft Windows Internet Name Service (WINS) Network Packet Handling Remote... |
56899 | Microsoft Windows Internet Name Service (WINS) Push Request Handling Remote O... |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Windows WINS replication inform2 request memory corruption attempt RuleID : 17721 - Revision : 10 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows WINS replication inform2 request memory corruption attempt RuleID : 15849 - Revision : 7 - Type : OS-WINDOWS |
2014-01-10 | WINS replication request memory corruption attempt RuleID : 15848 - Revision : 7 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-08-12 | Name : Arbitrary code can be executed on the remote host through the WINS service. File : smb_nt_ms09-039.nasl - Type : ACT_GATHER_INFO |
2009-08-12 | Name : Arbitrary code can be executed on the remote host through the WINS service File : wins_replication_overflow2.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:46:18 |
|
2014-01-19 21:30:21 |
|
2013-05-11 00:49:31 |
|