1. CVE-Search
  2. CVE-2012-1194
ID CVE-2012-1194
Summary The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:gold:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:-:gold:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:datacenter:*:itanium:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:datacenter:*:itanium:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:datacenter:*:x64:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:datacenter:*:x64:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:datacenter:*:x86:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:datacenter:*:x86:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:datacenter_without_hyper-v:*:itanium:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:datacenter_without_hyper-v:*:itanium:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:datacenter_without_hyper-v:*:x64:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:datacenter_without_hyper-v:*:x64:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:datacenter_without_hyper-v:*:x86:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:datacenter_without_hyper-v:*:x86:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:enterprise:*:itanium:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:enterprise:*:itanium:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:enterprise:*:x64:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:enterprise:*:x64:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:enterprise:*:x86:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:enterprise:*:x86:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:enterprise_without_hyper-v:*:itanium:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:enterprise_without_hyper-v:*:itanium:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:enterprise_without_hyper-v:*:x64:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:enterprise_without_hyper-v:*:x64:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:enterprise_without_hyper-v:*:x86:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:enterprise_without_hyper-v:*:x86:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:essential_server_solutions:*:itanium:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:essential_server_solutions:*:itanium:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:essential_server_solutions:*:x64:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:essential_server_solutions:*:x64:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:essential_server_solutions:*:x86:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:essential_server_solutions:*:x86:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:essential_server_solutions_without_hyper-v:*:itanium:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:essential_server_solutions_without_hyper-v:*:itanium:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:essential_server_solutions_without_hyper-v:*:x64:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:essential_server_solutions_without_hyper-v:*:x64:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:essential_server_solutions_without_hyper-v:*:x86:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:essential_server_solutions_without_hyper-v:*:x86:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:foundation:*:itanium:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:foundation:*:itanium:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:foundation:*:x64:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:foundation:*:x64:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:foundation:*:x86:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:foundation:*:x86:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:standard:*:itanium:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:standard:*:itanium:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:standard:*:x64:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:standard:*:x64:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:standard:*:x86:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:standard:*:x86:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:standard_without_hyper-v:*:itanium:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:standard_without_hyper-v:*:itanium:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:standard_without_hyper-v:*:x64:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:standard_without_hyper-v:*:x64:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:standard_without_hyper-v:*:x86:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:standard_without_hyper-v:*:x86:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:datacenter:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:datacenter:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:enterprise:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:enterprise:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:enterprise_x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:enterprise_x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:hpc:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:hpc:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:standard:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:standard:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:storage:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:storage:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:web:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:web:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x32:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x32:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*
CVSS
Base: 6.4 (as of 20-02-2012 - 05:00)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:P
refmap via4
misc https://www.isc.org/files/imce/ghostdomain_camera.pdf
Last major update 20-02-2012 - 05:00
Published 17-02-2012 - 22:55
Last modified 20-02-2012 - 05:00
Back to Top