Description
Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
1) A sign-extension error in the Windows DNS server when processing a query for a NAPTR (Name Authority Pointer) resource record can be exploited to cause a heap-based buffer overflow.
Successful exploitation may allow execution of arbitrary code, but requires that the server is setup e.g. as a caching or relay DNS server.
2) An error within the Windows DNS server when processing a query for a non-existent domain can be exploited to cause the server to stop responding.
Solution
Apply patches.
Provided and/or discovered by
1) The vendor credits Grischa Zengel, Zengel Medizintechnik
2) Reported by the vendor
Original Advisory
MS11-058 (KB2562485):
http://www.microsoft.com/technet/security/Bulletin/MS11-058.mspx
1) The vendor credits Grischa Zengel, Zengel Medizintechnik
2) Reported by the vendor
Original Advisory
MS11-058 (KB2562485):
http://www.microsoft.com/technet/security/Bulletin/MS11-058.mspx
Comments
Post a Comment