MS09-039  Vulnerabilities in WINS Could Allow Remote Code Execution (969883)

Critical - Remote Code Execution This security update resolves two privately reported vulnerabilities in the Windows Internet Name Service (WINS). Either vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system version. Only customers who manually install this component are affected by this issue.
Bulletin details at Microsoft.com

Related CVE Entries

CVE-2009-1923

Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability."
Max CVSS
9.3
EPSS Score
85.89%
Published
2009-08-12
Updated
2019-04-30

CVE-2009-1924

Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."
Max CVSS
9.3
EPSS Score
90.78%
Published
2009-08-12
Updated
2019-04-30
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close