DNS: Microsoft Windows DNSAPI NSEC3 Heap-based Buffer Overflow

This signature detects attempts to exploit a known vulnerability in the DNSAPI component of Microsoft Windows. Successful exploitation could result in arbitrary code execution in the security context of the application that made the original DNS query.

Extended Description

DNSAPI.dll, the Domain Name System (DNS) client library in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, contains a remote code execution vulnerability that is triggered when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability".

Affected Products

Microsoft windows_8.1

References

BugTraq: 101166

CVE: CVE-2017-11779

Short Name
DNS:OVERFLOW:MS-WIN-DNSAPI-BO
Severity
Major
Recommended
False
Recommended Action
Drop
Category
DNS
Keywords
Buffer CVE-2017-11779 DNSAPI Heap-based Microsoft NSEC3 Overflow Windows bid:101166
Release Date
10/24/2017
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors

Microsoft

CVSS Score

9.3
