CVE-1999-1593

Description

Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this problem may be limited when Windows 95/98 clients are used, or if the primary domain controller becomes unavailable.

Related CPE's

o microsoft windows_2000 -*******

o microsoft windows_95 -*******

o microsoft windows_98 -*******

References

20010118 Re: Invalid WINS entries

Mailing ListThird Party Advisory

20010117 Invalid WINS entries

Mailing ListThird Party Advisory

20010118 Re: Invalid WINS entries

Mailing ListThird Party Advisory

https://www2.sans.org/reading_room/whitepapers/win2k/185.php

Broken LinkExploit

20010117 Re: Invalid WINS entries

Mailing ListThird Party Advisory

20010117 Re: Invalid WINS entries

Mailing ListThird Party Advisory

Third Party AdvisoryVDB Entry

20010119 Re: Invalid WINS entries

Mailing ListThird Party Advisory

19990302 NT Domain DoS and Security Exploit with SAMBA Server

Broken LinkThird Party Advisory

20010117 Re: Invalid WINS entries

Mailing ListThird Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version	2.0
VectorString	AV:N/AC:H/Au:N/C:C/I:C/A:C
AccessVector	NETWORK
AccessComplexity	HIGH
Authentication	NONE
ConfidentialityImpact	COMPLETE
IntegrityImpact	COMPLETE
AvailabilityImpact	COMPLETE
BaseScore	7.599999904632568

Created by Yello

About Severity.io