Microsoft Windows WINS Association Context Data Remote Memory Corruption Vulnerability

The WINS replication protocol reportedly contains a vulnerability that, when exploited, results in memory corruption. The issue stems from a protocol design flaw that allows a remote user to specify the location in memory of an association context data structure.

Because the attacker may control the location of the data structure, this vulnerability may be exploited to corrupt process memory.
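The flaw class described above, shown from the defensive side as an added example that is not from the original advisory or from the WINS code base: a server maps a peer-supplied association handle back to its own table instead of treating it as a memory address. The struct layout, handle encoding, function names and sample values are all hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#define MAX_ASSOC 8  /* hypothetical table size */
/* Hypothetical per-association state; not the WINS service's real layout. */
struct assoc_ctx {
    int      in_use;
    uint32_t generation;            /* changes on reuse so stale handles fail */
    uint32_t peer_addr, msgs_seen;  /* owner of the association, message count */
};
static struct assoc_ctx table[MAX_ASSOC];
/* Flawed pattern (comment only): the value echoed by the peer is the address,
 *   struct assoc_ctx *c = (struct assoc_ctx *)(uintptr_t)wire_handle;       */

/* Issue an opaque handle, (generation << 8) | slot. Returns 0 when full. */
uint32_t assoc_open(uint32_t peer_addr) {
    for (uint32_t i = 0; i < MAX_ASSOC; i++) {
        struct assoc_ctx *c = &table[i];
        if (c->in_use) continue;
        c->generation = (c->generation % 0xFFFFFF) + 1;  /* 1..0xFFFFFF, never 0 */
        c->in_use = 1; c->peer_addr = peer_addr; c->msgs_seen = 0;
        return (c->generation << 8) | i;
    }
    return 0;
}

/* Map a peer-supplied handle to server-owned state, or NULL if it does not match. */
struct assoc_ctx *assoc_lookup(uint32_t wire_handle, uint32_t peer_addr) {
    uint32_t slot = wire_handle & 0xFF, gen = wire_handle >> 8;
    if (slot >= MAX_ASSOC) return NULL;
    struct assoc_ctx *c = &table[slot];
    return (c->in_use && c->generation == gen && c->peer_addr == peer_addr) ? c : NULL;
}

void assoc_close(uint32_t wire_handle, uint32_t peer_addr) {
    struct assoc_ctx *c = assoc_lookup(wire_handle, peer_addr);
    if (c) c->in_use = 0;
}

/* Returns the association's message count, or -1 when the handle is rejected. */
int handle_message(uint32_t wire_handle, uint32_t peer_addr) {
    struct assoc_ctx *c = assoc_lookup(wire_handle, peer_addr);
    return c ? (int)++c->msgs_seen : -1;
}

int main(void) {
    uint32_t h = assoc_open(0x0A000001);  /* constructed peer address */
    printf("%d %d\n", handle_message(h, 0x0A000001), handle_message(0x41414141, 0x0A000001));
    return 0;
}
```

A rejected handle is a useful detection signal in its own right: a well-behaved peer only ever echoes values the server issued.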

This issue could potentially be exploited remotely by a WINS client to execute arbitrary code with SYSTEM-level privileges on a target WINS server. The service may be exposed via TCP/UDP port 42 by default; the vendor has stated that other attack vectors may exist, though none are known at this time.

The WINS service is not installed by default on most Microsoft Windows platforms.

** UPDATE: The WINS service is installed and enabled by default on Microsoft Small Business Server 2000/2003. However, the ports used for the service are reportedly not remotely accessible by default on Small Business Server.


 

Copyright 2010, SecurityFocus