The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:44
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/30584 - Vendor Advisory | |
References | () http://securitytracker.com/id?1020228 - Patch | |
References | () http://www.securityfocus.com/bid/29588 - Exploit, Patch | |
References | () http://www.us-cert.gov/cas/techalerts/TA08-162B.html - US Government Resource | |
References | () http://www.vupen.com/english/advisories/2008/1781 - | |
References | () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-034 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5582 - |
Information
Published : 2008-06-12 02:32
Updated : 2024-11-21 00:44
NVD link : CVE-2008-1451
Mitre link : CVE-2008-1451
CVE.ORG link : CVE-2008-1451
JSON object : View
Products Affected
microsoft
- windows_2003_server
- windows_2000
CWE
CWE-20
Improper Input Validation