VulDB: Microsoft Windows 2000/Server 2003 DNS Service buffer overflow
General
scipID: 3012
Affected: Microsoft Windows 2000/Server 2003
Published: 04/13/2007
Risk: 
critical
Entry: 98.7% complete
Created: 04/18/2007
Updated: 09/03/2012
Summary
A vulnerability classified as critical has been found in Microsoft Windows 2000/Server 2003. Affected is an unknown function of the component DNS Service. The manipulation with an unknown input leads to a buffer overflow vulnerability. This is going to have an impact on confidentiality, integrity, and availability.
The weakness was disclosed 04/13/2007 with 0-Day. The advisory is shared for download at microsoft.com. This vulnerability is traded as CVE-2007-1748 since 03/29/2007. The attack needs to done within the local network. There are neither technical details nor an exploit publicly available.
The vulnerability scanner Nessus provides a plugin with the ID 25168, which helps to determine the existence of the flaw in a target environment. It is running in the context local and relying on port 139.
The best possible mitigation is suggested to be upgrading to the latest version. The vulnerability is also documented in the databases at OSVDB (34100), Secunia (SA24871), SecurityFocus (BID 23470), SecurityTracker (ID 1017910) and X-Force (33629).CVSS
Base Score: 4.9 (CVSS2#AV:A/AC:M/Au:S/C:P/I:P/A:P) [?]
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Local | High | Multiple | None | None | None |
| Adjacent | Medium | Single | Partial | Partial | Partial |
| Network | Low | None | Complete | Complete | Complete |
Exploiting
Class: Buffer overflow
Local: No
Remote: Partially
Availability: No
Nessus ID: 25168
Nessus Risk: Critical
Nessus Context: local
Nessus Port: 139
Countermeasures
Recommended: Upgrade
0-Day Time: 0 days since found
Timeline
03/29/2007 | CVE assigned
04/13/2007 | Advisory disclosed
04/13/2007 | OSVDB entry created
04/18/2007 | VulDB entry created
05/08/2007 | Nessus plugin released
09/03/2012 | VulDB entry updated
Sources
Advisory: microsoft.com
Company: 0-Day
Confirmation: microsoft.com
OSVDB: 34100
CVE: CVE-2007-1748 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 24871
SecurityFocus: 23470
SecurityTracker: 1017910
X-Force: 33629
Vupen: ADV-2007-1366
- Latest Entries
- Google Chrome Web Audio Handler buffer overflow [CVE-2013-2845]
- Google Chrome Style Resolution Handler buffer overflow [CVE-2013-2844]
- Google Chrome Speech Handler buffer overflow [CVE-2013-2843]
- Google Chrome Widget Handler buffer overflow [CVE-2013-2842]
- Google Chrome Pepper Resource Handler buffer overflow [CVE-2013-2841]
- Statistics
- Archive
