CERT-In Vulnerability Note CIVN-2008-81
Microsoft WINS Elevation of Privilege Vulnerability
Original Issue Date:
June 12, 2008
Severity Rating:
Medium
System Affected
- Microsoft Windows 2000 Server Service Pack 4
- Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP1 and sp2 for Itanium-based Systems
Overview
An elevation of privilege vulnerability has been reported in Windows Internet Name Service (WINS) on Microsoft Windows 2000 and Windows Server 2003.
Description
Windows Internet Name Service (WINS) is a service used by Microsoft networking environment that provides NetBIOS name to IP address mapping over TCP/IP.
This vulnerability is caused due to an insufficient input validation of data structure performed by WINS. A local attacker could exploit this vulnerability via specially crafted WINS network packets.
Successful exploitation of this vulnerability could cause the execution of arbitrary code or total system compromise.
Solution
Apply appropriate updates as mentioned in the Microsoft Security Bulletin MS08-034
Vendor Information
Microsoft
http://www.microsoft.com/technet/security/bulletin/MS08-034.mspx
References
Microsoft
http://www.microsoft.com/technet/security/bulletin/MS08-034.mspx
Secunia
http://secunia.com/advisories/30584/
CVE Name
CVE-2008-1451
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
|
