Reported November 28, 2004, by Immunity
VERSIONS AFFECTED
DESCRIPTION
A vulnerability exists in Microsoft WINS that could result in the remote execution
of arbitrary code on the vulnerable system. WINS replication is done on TCP
port 42 using a Microsoft proprietary protocol. During this protocol
flow, a memory pointer is sent from server to client, and the client uses that pointer
to talk with the server. If a specially crafted packet is sent to the server,
an attacker can control the pointer and can make it point to an
attacker-controlled buffer and eventually write 16 bytes at any location.
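The flaw class described above is a server trusting a pointer value that has passed through the peer. The following C sketch is an added illustration, not WINS code and not part of the advisory: it shows the usual hardening, where the peer receives an opaque handle that the server resolves against its own table before the 16-byte write. All names, the table size and the handle layout are assumptions.

```c
#include <stdint.h>
#include <string.h>
#define MAX_ASSOC  8
#define UPDATE_LEN 16 /* size of the write named in the advisory */

/* Hypothetical per-association state; not the real WINS structure. */
struct assoc { int in_use; uint32_t nonce; uint8_t state[UPDATE_LEN]; };
static struct assoc table[MAX_ASSOC];
static uint32_t next_nonce = 0x1000; /* constructed; use a CSPRNG in practice */

/* Issue an opaque handle: slot index in the low 8 bits, nonce above it. */
int assoc_open(uint32_t *handle_out)
{
    for (uint32_t i = 0; i < MAX_ASSOC; i++) {
        if (table[i].in_use) continue;
        table[i].in_use = 1;
        table[i].nonce = next_nonce++ & 0xFFFFFF;
        memset(table[i].state, 0, UPDATE_LEN);
        *handle_out = (table[i].nonce << 8) | i;
        return 0;
    }
    return -1; /* table full */
}

/* Resolve a peer-supplied handle; NULL unless it names a live association. */
static struct assoc *assoc_lookup(uint32_t handle)
{
    uint32_t idx = handle & 0xFF;
    if (idx >= MAX_ASSOC || !table[idx].in_use ||
        table[idx].nonce != (handle >> 8))
        return NULL;
    return &table[idx];
}

/* Apply the peer's 16-byte update. Returns 0, or -1 if the handle is rejected. */
int assoc_update(uint32_t handle, const uint8_t *data, size_t len)
{
    struct assoc *a = assoc_lookup(handle);
    if (a == NULL || len != UPDATE_LEN)
        return -1;
    memcpy(a->state, data, UPDATE_LEN); /* destination chosen by the server */
    return 0;
}

void assoc_close(uint32_t handle)
{
    struct assoc *a = assoc_lookup(handle);
    if (a != NULL) a->in_use = 0;
}
```

Because the write destination is always a slot the server selected, a forged, stale or out-of-range handle is rejected instead of redirecting the write.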
VENDOR RESPONSE
Microsoft has released "How to help protect against a WINS security
issue," http://support.microsoft.com/kbid?=890710, to address this
vulnerability.
CREDIT
Discovered by Nicolas Waisman.