Microsoft Windows WINS service local elevation of privilege vulnerability-vulnerability warning-the black bar safety net

2008-06-17T00:00:00
ID MYHACK58:62200819380
Type myhack58
Reporter 佚名
Modified 2008-06-17T00:00:00

Description

Source: IT Lab Microsoft Windows is Microsoft released the very popularoperating system. In Windows, the WINS service does not adequately validate specially crafted WINS network packets within the data structure, may allow a local attacker to use elevated permissions to run the code.

Release date: 2008-06-10

Update date: 2008-06-12

Affected systems:

Microsoft Windows Server 2 0 0 3 SP2

Microsoft Windows Server 2 0 0 3 SP1

Microsoft Windows 2000SP4

Description:

----------------------------------------------------------------------------

BUGTRAQ ID: 2 9 5 8 8

CVE(CAN) ID: CVE-2 0 0 8-1 4 5 1

Microsoft Windows is Microsoft released the very popularoperating system.

In Windows, the WINS service does not adequately validate specially crafted WINS network packets within the data structure, may allow a local attacker to use elevated permissions to run the code. Successful exploitation of this vulnerability attacker can completely control the affected system. Subsequently, the attacker could install programs; view, change, or delete data; or create new accounts.

<*Source: Microsoft

Links: http://secunia.com/advisories/30584/

http://www.microsoft.com/technethttp://security.chinaitlab.com/bulletin/MS08-034.mspx?pf=true

http://www.us-cert.gov/cas/techalerts/TA08-162B.html

*>

Recommendations:

----------------------------------------------------------------------------

Vendor patches:

Microsoft

---------

Microsoft has released a security Bulletin MS08-0 3 4, as well as the corresponding patch:

MS08-0 3 4: a Vulnerability in WINS Could Allow Elevation of Privilege (9 4 8 7 4 5)

Links: http://www.microsoft.com/technethttp://security.chinaitlab.com/bulletin/MS08-034.mspx?pf=true *Source: MICROSOFT - >