MS09-039 Vulnerabilities in WINS Could Allow Remote Code Execution (969883)
Critical - Remote Code Execution This security update resolves two privately reported vulnerabilities in the Windows Internet Name Service (WINS). Either vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system version. Only customers who manually install this component are affected by this issue.
Bulletin details at Microsoft.com
Bulletin details at Microsoft.com
Related CVE Entries
Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability."
Max CVSS
9.3
EPSS Score
85.89%
Published
2009-08-12
Updated
2019-04-30
Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."
Max CVSS
9.3
EPSS Score
90.78%
Published
2009-08-12
Updated
2019-04-30