CVE-2009-1924

critical

Description

Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6354

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-039

http://www.us-cert.gov/cas/techalerts/TA09-223A.html

Details

Source: Mitre, NVD

Published: 2009-08-12

Updated: 2019-04-30

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical