4 matches found
Microsoft Windows DNS/WINS服务器多个欺骗漏洞(MS09-008)
BUGTRAQ ID: 34013,33982,33988,33989 CVECAN ID: CVE-2009-0093,CVE-2009-0094,CVE-2009-0233,CVE-2009-0234 Microsoft Windows是微软发布的非常流行的操作系统。 Windows DNS服务器和WINS服务器存在多个漏洞,可能会允许远程攻击者将Internet上发送给系统的网络通信重定向至攻击者自己的系统。 1 Windows DNS服务器没有正确地重新使用缓存的响应,特制的DNS查询可以向DNS缓存投毒,重新定向网络通讯。 2 Windows...
CVE-2009-0094
The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the 1 "wpad" and 2 "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery WPAD and Intra-Site Automatic Tunnel Addressing Protocol ISATAP...
CVE-2009-0094
This CVE describes WPAD/ISATAP spoofing via WINS/DNS server vulnerabilities in Windows 2000 SP4 and Windows Server 2003 SP1/SP2. The root cause is lack of restrictions on registering WPAD/ISATAP names in WINS (and WPAD in DNS in related entries), enabling remote authenticated actors to hijack WPA...
Microsoft WINS Server WPAD Registration Spoofing (MS09-008; CVE-2009-0094)
The Web Proxy Auto-Discovery WPAD feature enables web clients to automatically detect proxy settings without user intervention. A WPAD registration spoofing vulnerability has been reported in Microsoft WINS servers. The vulnerability is due to an error in the Windows WINS server that fails to...