漏洞信息详情
Microsoft WINS服务远程缓冲区溢出漏洞(MS04-045)
- CNNVD编号:CNNVD-200412-292
- 危害等级: 高危
![图片[1]-Microsoft WINS服务远程缓冲区溢出漏洞(MS04-045)-一一网](https://www.proyy.com/skycj/data/images/2021-09-05/bbdd3e8868c10d22861b2275d65f4500.png)
- CVE编号:
CVE-2004-0567
- 漏洞类型:
边界条件错误
- 发布时间:
2004-12-31
- 威胁类型:
远程
- 更新时间:
2006-04-19
- 厂 商:
microsoft - 漏洞来源:
Kostya Kortchinsky… -
漏洞简介
Microsoft Windows WINS是Microsoft NetBIOS名字服务,用于解析NetBIOS计算机名到IP地址。
Microsoft Windows WINS在处理关联的内容验证时存在问题,远程攻击者可以利用这个漏洞以系统进程权限执行任意指令。
由于对名字验证处理时缺少充分验证,攻击者可以构建恶意网络包触发缓冲区溢出,精心构建提交数据可能以系统进程权限执行任意指令。在Windows Server 2003中,目前看起来只能进行拒绝服务攻击。
漏洞公告
厂商补丁:
Microsoft
———
Microsoft已经为此发布了一个安全公告(MS04-045)以及相应补丁:
MS04-045:Vulnerability in WINS Could Allow Remote Code Execution (870763)
链接:http://www.microsoft.com/technet/security/bulletin/MS04-045.mspx” target=”_blank”>
http://www.microsoft.com/technet/security/bulletin/MS04-045.mspx
补丁下载:
Microsoft Windows NT Server 4.0 Service Pack 6a
http://www.microsoft.com/downloads/details.aspx?FamilyId=38E9DB8C-5C43-4E9A-9DC9-97C2686A45F1” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=38E9DB8C-5C43-4E9A-9DC9-97C2686A45F1
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
http://www.microsoft.com/downloads/details.aspx?FamilyId=D7AB3F6F-26FE-4AE8-A07A-481D772D03A6” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=D7AB3F6F-26FE-4AE8-A07A-481D772D03A6
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
http://www.microsoft.com/downloads/details.aspx?FamilyId=40146B52-5546-489E-857E-01FE1EF709B2” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=40146B52-5546-489E-857E-01FE1EF709B2
Microsoft Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=10836F38-A38B-47D5-B87B-18D8E26EEFAA” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=10836F38-A38B-47D5-B87B-18D8E26EEFAA
Microsoft Windows Server 2003 64-Bit Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=06CF9E85-C66D-4A7D-B2EB-99DE9423B60F” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=06CF9E85-C66D-4A7D-B2EB-99DE9423B60F
参考网址
来源:US-CERT Vulnerability Note: VU#378160
名称: VU#378160
链接:http://www.kb.cert.org/vuls/id/378160
来源: XF
名称: wins-memory-pointer-hijack(18259)
链接:http://xforce.iss.net/xforce/xfdb/18259
来源: MS
名称: MS04-045
链接:http://www.microsoft.com/technet/security/bulletin/MS04-045.mspx
来源: CIAC
名称: P-054
链接:http://www.ciac.org/ciac/bulletins/p-054.shtml
来源: BID
名称: 11922
链接:http://www.securityfocus.com/bid/11922
来源: OSVDB
名称: 12370
链接:http://www.osvdb.org/12370
来源: SECTRACK
名称: 1012517
链接:http://securitytracker.com/id?1012517
来源: SECUNIA
名称: 13466
链接:http://secunia.com/advisories/13466
来源:NSFOCUS
名称:7231
链接:http://www.nsfocus.net/vulndb/7231
![[桜井宁宁]COS和泉纱雾超可爱写真福利集-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/4d3cf227a85d7e79f5d6b4efb6bde3e8.jpg)
![[桜井宁宁] 爆乳奶牛少女cos写真-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/d40483e126fcf567894e89c65eaca655.jpg)
