Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1080

5 documents4 sources

Severity

10.0CRITICAL

EPSS

89.4%

top 0.45%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows 2003 Server Microsoft Windows NT

Timeline

PublishedJan 10

Latest updateApr 29

Description

The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/windows_2003_server7 versions+6

▶NVDmicrosoft/windows_nt4.0

Patches

Patch: www.kb.cert.org ↗Patch: www.securityfocus.com ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-438w-xvxp-m9c6: The WINS service (wins↗2022-04-29

▶

CVEList

CVE-2004-1080: The WINS service (wins↗2004-12-01

▶

💥Exploits & PoCs

Exploit-DB

Microsoft WINS - Service Memory Overwrite (MS04-045) (Metasploit)↗2010-09-20

▶

Exploit-DB

Microsoft Windows - 'WINS' Remote Buffer Overflow (MS04-045) (3)↗2005-04-12

▶