<< Back
CVE Number Vulnerability Product Severity Date
MS09-039 Vulnerabilities in WINS Could Allow Remote Code Execution (969883) Microsoft Windows Critical 12-08-2009

Technical Information

Brief overview of the risk:
This security update resolves two privately reported vulnerabilities in the Windows Internet Name Service (WINS). Either vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service.
Detailed Information on the risk:

A remote code execution vulnerability exists in the Windows Internet Name Service (WINS) due to a buffer overflow caused by incorrect calculation of buffer length when processing specially crafted WINS network packets. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.

Further information on this exploit is available at : MS09-039

Affected Software

Microsoft Windows 2000 Server Service Pack 4
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems