MS.Windows.WINS.Replication.Name.Buffer.Overflow
Description
This indicates a possible attempt to exploit a vulnerability in Microsoft WINS server.
Microsoft Windows Internet Naming Service (WINS) provides a service that maps NETBIOS names to IP addresses. It has been reported that WINS has a vulnerability in its replication protocol which allows a remote user to specify the location of the association context. By controlling the location and contents of this data structure, a remote attacker can overwrite a small block of memory at an arbitrary location.
Affected Products
Any unprotected WINS server running on Microsoft Windows NT 4.0 Server, Microsoft Windows 2000 Server, or Microsoft Windows 2003 Server is vulnerable.
Impact
An attacker who has successfully exploited this vulnerability could have complete control of the affected systems.
Recommended Actions
Apply appropriate patches indicated in Microsoft Bulletin MS04-045: http://www.microsoft.com/technet/security/Bulletin/MS04-045.mspx
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |