Vulnerability Note VU#445214
Microsoft Windows Internet Naming Service (WINS) fails to properly validate the length of specially crafted packets
Microsoft Windows Internet Naming Service (WINS) fails to properly validate the length of specially crafted packets which could allow an unauthenticated, remote attacker to cause a denial-of-service condition.
The Windows Internet Naming Service (WINS) maps IP addresses to NETBIOS computer names. There is a vulnerability in the way WINS validates the length of specially crafted packets. This could allow an attacker to cause WINS to crash.
According to Microsoft, this vulnerability will only cause a denial of service on Windows Server 2003. While the vulnerable code exists in Windows NT and Windows 2000, WINS will reject the specially crafted packet thus not causing a denial of service.
On Windows Server 2003, an unauthenticated, remote attacker could cause WINS to crash.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||23 Feb 2004|
CVSS Metrics (Learn More)
This vulnerability was reported by Microsoft. Microsoft, in turn, credits Qualys for discovering this vulnerability.
This document was written by Damon Morda.
- CVE IDs: CAN-2003-0825
- Date Public: 10 Feb 2004
- Date First Published: 23 Feb 2004
- Date Last Updated: 23 Feb 2004
- Severity Metric: 2.62
- Document Revision: 21
If you have feedback, comments, or additional information about this vulnerability, please send us email.