Microsoft Windows DHCP Client Service Remote Buffer Overflow

原创 2007年09月23日 14:29:00
 

HTML Tags and JavaScript tutorial



Microsoft Windows DHCP Client Service Remote Buffer Overflow





 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
(The following advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_Microsoft_Windows_DHCP_Client_Service_Remote_Buffer_Overflow.pdf
)
CYBSEC S.A.
www.cybsec.com
Pre-Advisory Name: Microsoft Windows DHCP Client Service Remote Buffer Overflow
==================
Vulnerability Class: Buffer Overflow
====================
Release Date: 07/11/2006
=============
Affected Platforms:
===================
* Microsoft Windows 2000 (<= SP4)
* Microsoft Windows XP (<= SP2)
* Microsoft Windows 2003 (<= SP1)
Local / Remote: Remote
===============
Severity: High
=========
Author: Mariano Nuñez Di Croce
=======
Vendor Status:
==============
* Confirmed, update released.
Reference to Vulnerability Disclosure Policy:
=============================================
http://www.cybsec.com/vulnerability_policy.pdf
Vulnerability Description:
==========================
A remote buffer overflow vulnerability has been identified in Microsoft Windows DHCP-Client service.
Technical Details:
==================
Technical details will be released 30 days after publication of this pre-advisory.
This was agreed upon with Microsoft to allow their customers to upgrade affected software prior to technical knowledge been publicly available.
Impact:
=======
Exploiting this vulnerability, an attacker would be able to execute code remotely with SYSTEM privileges over DHCP-enabled Microsoft Windows systems.
Solutions:
==========
Microsoft has released a hotfix to address this vulnerability.
Customers should apply the hotfix immediately or upgrade their systems through Microsoft Windows Update system.
Vendor Response:
================
* 12/26/2005: Initial Vendor Contact.
* 01/19/2006: Vendor Confirmed Vulnerability.
* 07/11/2006: Vendor Releases Update.
* 07/11/2006: Pre-Advisory Public Disclosure.
Contact Information:
====================
For more information regarding the vulnerability feel free to contact
the author at mnunez {at} cybsec.com.
For more information regarding CYBSEC: www.cybsec.com
(c) 2006 - CYBSEC S.A. Security Systems
- --
- ------------------------------
Mariano Nuñez Di Croce
CYBSEC S.A. Security Systems
Email: mnunez@xxxxxxxxxx
Tel/Fax: (54-11) 4382-1600
Web:
http://www.cybsec.com
PGP:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x26B20899
- ------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFEs+e0bbZGNCayCJkRAtxlAJ4r6zKhP2Uv/Tq8YOoAErDXn9lc8wCfcy8W
EMk1oIYCbhnNnm1PlElLpi8=
=3ZFG
-----END PGP SIGNATURE-----


版权声明:本文为博主原创文章,未经博主允许不得转载。

相关文章推荐

驱动开发利器Microsoft Windows Driver Kit 7.1.0下载

在Windows 2000 与Windows XP 系统采用是WINDDK来开发WINDOWS驱动程序,我手头也有WINDDK,可是从Windows Vista开始之后,一般采用Microsoft W...

Microsoft Windows Kernel整数截断本地权限提升漏洞:触发原因-汇编形态

Microsoft Windows Kernel整数截断本地权限提升漏洞 http://sebug.net/vulndb/20361/上面的代码在vs2008下能直接编译 vc6.0编译错误一大堆()...

OpenGL ES 平台搭建教程(在包含Visual Studio 的Microsoft Windows 上构建)

OpenGL ES 3.0一书中第十一章讲了如何搭建OpenGL ES 平台,但是书中讲解过于简单,下面是我在搭建过程中的详细步骤。我用的是64位win7+VS2013.   第一步:  cm...

Demonstration of DB Query Analyzer 6.03 Installation and Running on Microsoft Windows 8

This essay gives a demonstration of DB Query Analyzer Installation and Running on Microsoft Windows ...

Microsoft Windows CE 5.0 Board Support Package, Boot Loader, and Kernel Startup Sequence

Learn about the initial, low-level startup sequence and the hardware platform functions that are per...

datastage8.7 Microsoft Windows 脚本编制引擎必须正常工作。

1.安装datastage8.7客户端遇到这个奇葩的问题 datastage8.7 Microsoft Windows 脚本编制引擎必须正常工作。 2.在自己本机重新建一个例如:xxx.reg注册...

Microsoft Windows历史版本

Windows 1   1985年11月20日发布   微软Windows系统的第一个版本最重要的成绩就是它将图形用户界面和多任务技术引入了桌面计算领域。它用窗口替换了命令提示符,整个操作系统变得...
内容举报
返回顶部
收藏助手
不良信息举报
您举报文章:深度学习:神经网络中的前向传播和反向传播算法推导
举报原因:
原因补充:

(最多只允许输入30个字)