Vulnerability Name: CVE-2004-1080 (CCN-18259)

Assigned: 2004-11-26
Published: 2004-11-26
Updated: 2019-04-30
Summary: The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Changed
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): High
  Availability (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): Complete
  Availability (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): Complete
  Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2004-1080

Source: BUGTRAQ
Type: UNKNOWN
20041126 Immunity, Inc Advisor

Source: CCN
Type: SA13328
Microsoft Windows WINS Replication Packet Handling Vulnerability

Source: SECUNIA
Type: UNKNOWN
13328

Source: CCN
Type: SECTRACK ID: 1012516
(Vendor Issues Fix) Microsoft WINS Memory Overwrite Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1012516

Source: CCN
Type: Microsoft Knowledge Base Article 890710
How to help protect against a WINS security issue

Source: MSKB
Type: UNKNOWN
890710

Source: CIAC
Type: UNKNOWN
P-054

Source: MISC
Type: UNKNOWN
http://www.immunitysec.com/downloads/instantanea.pdf

Source: CCN
Type: US-CERT VU#145134
Microsoft Windows Internet Naming Service (WINS) replication protocol contains a heap-based buffer overflow

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#145134

Source: CCN
Type: Microsoft Corporation Web site
Windows Internet Name Service (WINS)

Source: CCN
Type: Microsoft Security Bulletin MS04-045
Vulnerability in WINS Could Allow Remote Code Execution (870763)

Source: CCN
Type: Microsoft Security Bulletin MS08-034
Vulnerability in WINS Could Allow Elevation of Privilege (948745)

Source: CCN
Type: Microsoft Security Bulletin MS09-008
Vulnerabilities in DNS and WINS server could allow Spoofing (962238)

Source: OSVDB
Type: UNKNOWN
12378

Source: CCN
Type: OSVDB ID: 12378
Microsoft Windows WINS Association Context Validation Remote Code Execution

Source: BID
Type: Patch, Vendor Advisory
11763

Source: CCN
Type: BID-11763
Microsoft Windows WINS Association Context Data Remote Memory Corruption Vulnerability

Source: ISS
Type: UNKNOWN
20041129 Microsoft WINS Server Vulnerability

Source: MS
Type: UNKNOWN
MS04-045

Source: XF
Type: UNKNOWN
wins-memory-pointer-hijack(18259)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1549

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:2541

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:2734

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:3677

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:4372

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:4831

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:2000:*:small_business_server:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:2003:*:small_business_server:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp1:*:*:server:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp1:*:*:terminal_server:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp2:*:*:server:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp2:*:*:terminal_server:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp3:*:*:server:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp3:*:*:terminal_server:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp4:*:*:server:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp4:*:*:terminal_server:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp5:*:*:server:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp5:*:*:terminal_server:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp6:*:*:server:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp6:*:*:terminal_server:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp6a:*:*:server:*:x86:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp6a:*:*:terminal_server:*:x86:*

Configuration CCN 1:
  • cpe:/o:microsoft:windows_nt:4.0::terminal_server:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:-:-:*:*:advanced_server:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0::server:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:2541 | V | WINS Association Context Vulnerability (Windows 2000) | 2011-05-16
oval:org.mitre.oval:def:4372 | V | WINS Association Context Vulnerability (Terminal Server Test 2) | 2008-03-24
oval:org.mitre.oval:def:4831 | V | WINS Association Context Vulnerability (NT 4.0) | 2008-03-24
oval:org.mitre.oval:def:2734 | V | WINS Association Context Vulnerability (Terminal Server Test 1) | 2005-06-29
oval:org.mitre.oval:def:1549 | V | WINS Association Context Vulnerability (64-bit Server 2003, Test 1) | 2005-02-23
oval:org.mitre.oval:def:3677 | V | WINS Association Context Vulnerability (64-bit Server 2003, Test 2) | 2005-02-23