NETBIOS: Windows WINS Association Context Data Remote Code Execution
This signature detects attempts to exploit a known vulnerability against NetBIOS WINS. A successful attack can lead to arbitrary code execution.
Extended Description
The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."
Affected Products
Microsoft windows_2000
Short Name
NETBIOS:WINS:ASSO-DATA-RCE
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
NETBIOS
Keywords
Association CVE-2004-1080 Code Context Data Execution Remote WINS Windows bid:11763
Release Date
07/08/2021
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
Port
TCP/42
False Positive
Unknown
Vendors
Microsoft