CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS11-035 | Vulnerability in WINS Could Allow Remote Code Execution (2524426) | Windows Server | Critical | 11-05-2011 |
Technical Information
Brief overview of the risk:
This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system. Only customers who manually installed this component are affected by this issue.
Detailed Information on the risk:
A remote code execution vulnerability exists in the Windows Internet Name Service (WINS) due to insufficient validations for the data structures within specially crafted WINS network packets sent to the WINS service.
Further information on this exploit is available at : MS11-035
Affected Software
Windows Server 2003 Service Pack 2Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1*