{"vuid":"VU#445214","idnumber":"445214","name":"Microsoft Windows Internet Naming Service (WINS) fails to properly validate the length of specially crafted packets","keywords":["Microsoft","Windows Internet Naming Service","WINS","packet length","specially crafted packets","MS04-006"],"overview":"Microsoft Windows Internet Naming Service (WINS) fails to properly validate the length of specially crafted packets which could allow an unauthenticated, remote attacker to cause a denial-of-service condition.","clean_desc":"The Windows Internet Naming Service (WINS) maps IP addresses to NETBIOS computer names. There is a vulnerability in the way WINS validates the length of specially crafted packets. This could allow an attacker to cause WINS to crash. According to Microsoft, this vulnerability will only cause a denial of service on Windows Server 2003. While the vulnerable code exists in Windows NT and Windows 2000, WINS will reject the specially crafted packet thus not causing a denial of service.","impact":"On Windows Server 2003, an unauthenticated, remote attacker could cause WINS to crash.","resolution":"Apply Patch\nApply the patch (830352) referenced in Microsoft Security Bulletin MS04-006.","workarounds":"Block or restrict access As a temporary measure, it is poss","sysaffected":"","thanks":"This vulnerability was reported by Microsoft. Microsoft, in turn, credits Qualys for discovering this vulnerability.","author":"This document was written by Damon Morda.","public":["http://www.microsoft.com/technet/security/bulletin/MS04-006.asp","http://www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/entserver/sag_WINS_ovr_WhatIs.asp"],"cveids":["CAN-2003-0825"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2020-05-21T16:13:40.697337Z","publicdate":"2004-02-10T00:00:00Z","datefirstpublished":"2004-02-23T14:51:11Z","dateupdated":"2004-02-23T22:00:00Z","revision":21,"vrda_d1_directreport":null,"vrda_d1_population":null,"vrda_d1_impact":null,"cam_widelyknown":null,"cam_exploitation":null,"cam_internetinfrastructure":null,"cam_population":null,"cam_impact":null,"cam_easeofexploitation":null,"cam_attackeraccessrequired":null,"cam_scorecurrent":null,"cam_scorecurrentwidelyknown":null,"cam_scorecurrentwidelyknownexploited":null,"ipprotocol":null,"cvss_accessvector":null,"cvss_accesscomplexity":null,"cvss_authentication":null,"cvss_confidentialityimpact":null,"cvss_integrityimpact":null,"cvss_availabilityimpact":null,"cvss_exploitablity":null,"cvss_remediationlevel":null,"cvss_reportconfidence":null,"cvss_collateraldamagepotential":null,"cvss_targetdistribution":null,"cvss_securityrequirementscr":null,"cvss_securityrequirementsir":null,"cvss_securityrequirementsar":null,"cvss_basescore":"N/A","cvss_basevector":"N/A","cvss_temporalscore":"N/A","cvss_environmentalscore":"N/A","cvss_environmentalvector":"N/A","metric":2.625,"vulnote":null}