Lucene search
K

3 matches found

CVE
CVE
added 2009/08/12 5:0 p.m.78 views

CVE-2009-1923

CVE-2009-1923 describes a heap-based buffer overflow in the Windows WINS service that can allow remote code execution on Windows 2000 SP4 and Windows Server 2003 SP2. The flaw occurs during WINS replication packet processing, where a buffer-length calculation leads to a heap overflow. Public refe...

9.3CVSS7.9AI score0.24658EPSS
Exploits1References3Affected Software2
seebug.org
seebug.org
added 2009/08/12 12:0 a.m.45 views

Microsoft Windows WINS Server网络报文堆溢出漏洞(MS09-039)

BUGTRAQ ID: 35980 CVECAN ID: CVE-2009-1923 Microsoft Windows是微软发布的非常流行的操作系统。 Windows服务器上的WINS.exe进程用于为NetBIOS网络提供名称解析服务。在解析push请求时WINS服务将报文数据拷贝到了静态的堆缓冲区上。如果远程攻击者提供了特制的请求,就可以触发堆溢出,导致以SYSTEM权限执行任意代码。 Microsoft Windows Server 2003 SP2 Microsoft Windows 2000 Server SP4 临时解决方法: 在防火墙上屏蔽TCP 42和UDP 42端口。...

9.3CVSS6.9AI score0.24658EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2009/08/11 12:0 a.m.34 views

Microsoft WINS Buffer Length Heap Overflow (MS09-039; CVE-2009-1923)

Windows Internet Naming Service WINS was designed specifically to support NetBIOS over TCP/IP NetBT, and is required for any environment in which users access resources that have NetBIOS names. A remote code execution vulnerability has been discovered in Microsoft WINS. The vulnerability is due t...

9.3CVSS7.8AI score0.24658EPSS
Exploits1
Rows per page
Query Builder