Lucene search
K

4 matches found

seebug.org
seebug.org
added 2009/03/12 12:0 a.m.52 views

Microsoft Windows DNS/WINS服务器多个欺骗漏洞(MS09-008)

BUGTRAQ ID: 34013,33982,33988,33989 CVECAN ID: CVE-2009-0093,CVE-2009-0094,CVE-2009-0233,CVE-2009-0234 Microsoft Windows是微软发布的非常流行的操作系统。 Windows DNS服务器和WINS服务器存在多个漏洞,可能会允许远程攻击者将Internet上发送给系统的网络通信重定向至攻击者自己的系统。 1 Windows DNS服务器没有正确地重新使用缓存的响应,特制的DNS查询可以向DNS缓存投毒,重新定向网络通讯。 2 Windows...

6.4CVSS6.6AI score0.34442EPSS
Exploits1
NVD
NVD
added 2009/03/11 2:19 p.m.24 views

CVE-2009-0094

The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the 1 "wpad" and 2 "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery WPAD and Intra-Site Automatic Tunnel Addressing Protocol ISATAP...

5.5CVSS6AI score0.23461EPSS
Exploits1References10
CVE
CVE
added 2009/03/11 2:0 p.m.67 views

CVE-2009-0094

This CVE describes WPAD/ISATAP spoofing via WINS/DNS server vulnerabilities in Windows 2000 SP4 and Windows Server 2003 SP1/SP2. The root cause is lack of restrictions on registering WPAD/ISATAP names in WINS (and WPAD in DNS in related entries), enabling remote authenticated actors to hijack WPA...

5.5CVSS6.1AI score0.23461EPSS
Exploits1References10Affected Software3
Check Point Advisories
Check Point Advisories
added 2009/03/10 12:0 a.m.17 views

Microsoft WINS Server WPAD Registration Spoofing (MS09-008; CVE-2009-0094)

The Web Proxy Auto-Discovery WPAD feature enables web clients to automatically detect proxy settings without user intervention. A WPAD registration spoofing vulnerability has been reported in Microsoft WINS servers. The vulnerability is due to an error in the Windows WINS server that fails to...

5.5CVSS6.2AI score0.23461EPSS
Exploits1
Rows per page
Query Builder