Vulnerability CVE-2004-1080

Vulnerability Name:

CVE-2004-1080 (CCN-18259)

Assigned:

2004-11-26

Published:

2004-11-26

Updated:

2019-04-30

Summary:

The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2004-1080

Source: BUGTRAQ
Type: UNKNOWN
20041126 Immunity, Inc Advisor

Source: CCN
Type: SA13328
Microsoft Windows WINS Replication Packet Handling Vulnerability

Source: SECUNIA
Type: UNKNOWN
13328

Source: CCN
Type: SECTRACK ID: 1012516
(Vendor Issues Fix) Microsoft WINS Memory Overwrite Lets Remote Users Execute Arbitary Code

Source: SECTRACK
Type: UNKNOWN
1012516

Source: CCN
Type: Microsoft Knowledge Base Article 890710
How to help protect against a WINS security issue

Source: MSKB
Type: UNKNOWN
890710

Source: CIAC
Type: UNKNOWN
P-054

Source: MISC
Type: UNKNOWN
http://www.immunitysec.com/downloads/instantanea.pdf

Source: CCN
Type: US-CERT VU#145134
Microsoft Windows Internet Naming Service (WINS) replication protocol contains a heap-based buffer overflow

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#145134

Source: CCN
Type: Microsoft Corporation Web site
Windows Internet Name Service (WINS)

Source: CCN
Type: Microsoft Security Bulletin MS04-045
Vulnerability in WINS Could Allow Remote Code Execution (870763)

Source: CCN
Type: Microsoft Security Bulletin MS08-034
Vulnerability in WINS Could Allow Elevation of Privilege (948745)

Source: CCN
Type: Microsoft Security Bulletin MS09-008
Vulnerabilities in DNS and WINS server could allow Spoofing (962238)

Source: OSVDB
Type: UNKNOWN
12378

Source: CCN
Type: OSVDB ID: 12378
Microsoft Windows WINS Association Context Validation Remote Code Execution

Source: BID
Type: Patch, Vendor Advisory
11763

Source: CCN
Type: BID-11763
Microsoft Windows WINS Association Context Data Remote Memory Corruption Vulnerability

Source: ISS
Type: UNKNOWN
20041129 Microsoft WINS Server Vulnerability

Source: MS
Type: UNKNOWN
MS04-045

Source: XF
Type: UNKNOWN
wins-memory-pointer-hijack(18259)

Source: XF
Type: UNKNOWN
wins-memory-pointer-hijack(18259)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1549

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:2541

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:2734

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:3677

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:4372

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:4831

Vulnerable Configuration:

Configuration 1:

cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:2000:*:small_business_server:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:2003:*:small_business_server:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp1:*:*:server:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp1:*:*:terminal_server:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp2:*:*:server:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp2:*:*:terminal_server:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp3:*:*:server:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp3:*:*:terminal_server:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp4:*:*:server:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp4:*:*:terminal_server:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp5:*:*:server:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp5:*:*:terminal_server:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp6:*:*:server:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp6:*:*:terminal_server:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp6a:*:*:server:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp6a:*:*:terminal_server:*:x86:*

Configuration CCN 1:

cpe:/o:microsoft:windows_nt:4.0::terminal_server:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:-:-:*:*:advanced_server:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0::server:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:2541	V	WINS Association Context Vulnerability (Windows 2000)	2011-05-16
oval:org.mitre.oval:def:4372	V	WINS Association Context Vulnerability (Terminal Server Test 2)	2008-03-24
oval:org.mitre.oval:def:4831	V	WINS Association Context Vulnerability (NT 4.0)	2008-03-24
oval:org.mitre.oval:def:2734	V	WINS Association Context Vulnerability (Terminal Server Test 1)	2005-06-29
oval:org.mitre.oval:def:1549	V	WINS Association Context Vulnerability (64-bit Server 2003, Test 1)	2005-02-23
oval:org.mitre.oval:def:3677	V	WINS Association Context Vulnerability (64-bit Server 2003, Test 2)	2005-02-23

BACK