Issued: February 10, 2004 - Version Number: 1.0 - Impact of vulnerability: Remote Code Execution - Maximum Severity Rating: Important
Affected Software: Windows NT4/2000/2003 SERVER
Overview:
A security vulnerability exists in the Windows Internet Naming Service (WINS). This vulnerability exists because of the method that WINS uses to validate the length of specially-crafted packets. On Windows Server 2003 this vulnerability could allow an attacker who sent a series of specially-crafted packets to a WINS server to cause the service to fail. Most likely, this could cause a denial of service, and the service would have to be manually restarted to restore functionality.
Download: Microsoft Windows Server 2003 Patch | NT4 Server SP6a Patch | Windows2000 (all versions)
