Microsoft WINS Memory Overwrite Lets Remote Users Execute Arbitary Code

A vulnerability was reported in Microsoft Windows in ‘wins.exe’. A remote user can execute arbitrary code on the target system.

Nicolas Waisman from Immunity reported that a remote user can send a specially crafted WINS packet to the target server on TCP port 42 to modify a memory pointer and write arbitrary contents to arbitrary memory locations. A remote user can execute arbitrary code on the target system.

The original advisory is available at:

http://www.immunitysec.com/downloads/instantanea.pdf

Impact:  A remote user can execute arbitrary code on the target system.

Solution:  No solution was available at the time of this entry.

Underlying OS:  Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000), Windows (2003), Windows (XP)

OS Comments:  Tested on Windows 2000 SP2, SP3, SP4

Reported By:  Nicolas Waisman

http://www.securitytracker.com/alerts/2004/Nov/1012341.html

Leave a Reply