Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1080

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-1080
Last Modified 07 Mar 2011 09:16:36
Published 10 Jan 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1080

Summary

The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server 2000

  • Microsoft Windows 2003 Server 2003

  • Microsoft Windows 2003 Server Enterprise

  • Microsoft Windows 2003 Server Enterprise 64-bit

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows 2003 Server Standard

  • Microsoft Windows 2003 Server Web

  • Microsoft Windows Nt 4.0


References

CERT-VN - VU#145134

BID - 11763

XF - wins-memory-pointer-hijack(18259)

ISS - 20041129 Microsoft WINS Server Vulnerability

OSVDB - 12378

MS - MS04-045

MISC - http://www.immunitysec.com/downloads/instantanea.pdf

CIAC - P-054

MSKB - 890710

SECTRACK - 1012516

SECUNIA - 13328

BUGTRAQ - 20041126 Immunity, Inc Advisor


Last Updated: 27 May 2016 10:38:53