ID CVE-2009-1924
Summary Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:-:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:-:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:-:sp2:itanium:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:-:sp2:itanium:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:-:sp2:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:-:sp2:x64:*:*:*:*:*
CVSS
Base: 9.3 (as of 30-04-2019 - 14:27)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2009-09-28T04:00:25.942-04:00
class vulnerability
contributors
name Dragos Prisaca
organization Gideon Technologies, Inc.
definition_extensions
comment Microsoft Windows 2000 SP4 or later is installed
oval oval:org.mitre.oval:def:229
description Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."
family windows
id oval:org.mitre.oval:def:6354
status accepted
submitted 2009-07-28T13:00:00
title WINS Integer Overflow Vulnerability
version 66
refmap via4
cert TA09-223A
ms MS09-039
Last major update 30-04-2019 - 14:27
Published 12-08-2009 - 17:30
Back to Top