| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS09-039 | Vulnerabilities in WINS Could Allow Remote Code Execution (969883) | Microsoft Windows | Critical | 12-08-2009 |
Technical Information
Brief overview of the risk:
This security update resolves two privately reported vulnerabilities in the Windows Internet Name Service (WINS). Either vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service.
Detailed Information on the risk:
A remote code execution vulnerability exists in the Windows Internet Name Service (WINS) due to a buffer overflow caused by incorrect calculation of buffer length when processing specially crafted WINS network packets. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
Further information on this exploit is available at : MS09-039
Affected Software
Microsoft Windows 2000 Server Service Pack 4Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems