10
CVSSv2

CVE-2004-1080

CVSSv4: NA | CVSSv3: NA | CVSSv2: 10 | VMScore: 1000 | EPSS: 0.96526 | KEV: Not Included
Published: 10/01/2005 Updated: 20/11/2024

Vulnerability Summary

Remote Code Execution via Association Context Vulnerability in WINS Service

The WINS service (wins.exe) found on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 has a vulnerability. Remote attackers can exploit this by writing to any memory location. They may also run arbitrary code. This happens through a changed memory pointer in a WINS replication packet sent to TCP port 42. This issue is known as the "Association Context Vulnerability."

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows 2000

microsoft windows 2003 server 2000

microsoft windows 2003 server 2003

microsoft windows 2003 server enterprise

microsoft windows 2003 server enterprise 64-bit

microsoft windows 2003 server r2

microsoft windows 2003 server standard

microsoft windows 2003 server web

microsoft windows nt 4.0

Exploits

/* Windows Internet Name Service (WINS) Remote Heap Buffer Overflow ------------------------------------ ------------------------------------ Advisory credits: ---------------- Nicolas Waisman of Immunity Inc (wwwimmunityseccom) Advisory link: -- ...
## # $Id: ms04_045_winsrb 10394 2010-09-20 08:06:27Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class ...

References

NVD-CWE-Otherhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/909/https://www.kb.cert.org/vuls/id/145134https://www.first.org/epsshttp://marc.info/?l=bugtraq&m=110150370506704&w=2http://secunia.com/advisories/13328/http://securitytracker.com/id?1012516http://support.microsoft.com/kb/890710http://www.ciac.org/ciac/bulletins/p-054.shtmlhttp://www.immunitysec.com/downloads/instantanea.pdfhttp://www.kb.cert.org/vuls/id/145134http://www.osvdb.org/12378http://www.securityfocus.com/bid/11763http://xforce.iss.net/xforce/alerts/id/184https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-045https://exchange.xforce.ibmcloud.com/vulnerabilities/18259https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1549https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2541https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2734https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3677https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4372https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4831http://marc.info/?l=bugtraq&m=110150370506704&w=2http://secunia.com/advisories/13328/http://securitytracker.com/id?1012516http://support.microsoft.com/kb/890710http://www.ciac.org/ciac/bulletins/p-054.shtmlhttp://www.immunitysec.com/downloads/instantanea.pdfhttp://www.kb.cert.org/vuls/id/145134http://www.osvdb.org/12378http://www.securityfocus.com/bid/11763http://xforce.iss.net/xforce/alerts/id/184https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-045https://exchange.xforce.ibmcloud.com/vulnerabilities/18259https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1549https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2541https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2734https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3677https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4372https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4831