Microsoft Windows WINS Privilege Escalation Vulnerability
Secunia Advisory SA45891
Release Date 2011-09-13
Criticality level Less criticalLess critical
Impact Privilege escalation
Where Local system
Authentication level Available in Customer Area
Report reliability Available in Customer Area
Solution Status Unpatched
3rd party PoC/exploit Link available in Customer Area
Systems affected Available in Customer Area
Approve distribution Available in Customer Area
Remediation status Secunia VIM
Operating System
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Storage Server 2003
Secunia CVSS Score Available in Customer Area
CVE Reference(s) CVE-2011-1984 CVSS available in Customer Area
Description
Core Security Technologies has reported a vulnerability in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.
The vulnerability is caused due to an error in the Windows Internet Name Service (WINS) and can be exploited via a specially crafted sequence of WINS replication packets sent to the loopback address.
Successful exploitation may allow execution of arbitrary code with the privileges of the WINS service.
Solution
Patches will be available later today.
Provided and/or discovered by
Nicolas Economou, Core Security Technologies.
Original Advisory
Core Security Technologies:
http://www.coresecurity.com/content/ms-wins-ecommenddlg-input-validation
Posljednje sigurnosne preporuke