Microsoft Windows Internet Naming Service (WINS) fails to properly validate the length of specially crafted packets which could allow an unauthenticated, remote attacker to cause a denial-of-service condition.
The Windows Internet Naming Service (WINS) maps IP addresses to NETBIOS computer names. There is a vulnerability in the way WINS validates the length of specially crafted packets. This could allow an attacker to cause WINS to crash.
According to Microsoft, this vulnerability will only cause a denial of service on Windows Server 2003. While the vulnerable code exists in Windows NT and Windows 2000, WINS will reject the specially crafted packet thus not causing a denial of service.
On Windows Server 2003, an unauthenticated, remote attacker could cause WINS to crash.
This vulnerability was reported by Microsoft. Microsoft, in turn, credits Qualys for discovering this vulnerability.
This document was written by Damon Morda.
|Date First Published:||2004-02-23|
|Date Last Updated:||2004-02-23 22:00 UTC|