Arbitrary Code Execution in Microsoft WINS

Reported November 28, 2004, by Immunity

VERSIONS AFFECTED                                           

·         Microsoft WINS

A vulnerability exists in Microsoft WINS that could result in the remote execution of arbitrary code on the vulnerable system. WINS replication is done on TCP port 42 using a Microsoft proprietary protocol. During this protocol flow, a memory pointer is sent from server to client, and the client uses that pointer to talk with the server. If a specially crafted packet is sent to the server, an attacker can control the pointer and can make it point to an attacker-controlled buffer and eventually write 16 bytes at any location.

Microsoft, has released "How to help protect against a WINS security issue,", to address this vulnerability.

Discovered by Nicolas Waisman.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.