A vulnerability was reported in Microsoft Windows in ‘wins.exe’. A remote user can execute arbitrary code on the target system.
Nicolas Waisman from Immunity reported that a remote user can send a specially crafted WINS packet to the target server on TCP port 42 to modify a memory pointer and write arbitrary contents to arbitrary memory locations. A remote user can execute arbitrary code on the target system.
The original advisory is available at:
http://www.immunitysec.com/downloads/instantanea.pdf
Impact: A remote user can execute arbitrary code on the target system.
Solution: No solution was available at the time of this entry.
Underlying OS: Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000), Windows (2003), Windows (XP)
OS Comments: Tested on Windows 2000 SP2, SP3, SP4
Reported By: Nicolas Waisman