Microsoft WINS Name Validation exploit v1.31

Vulnerability exploited: CAN-2004-0567 - BID-7930

Category: Exploits/Remote

Exploits a stack-based buffer overflow vulnerability in Microsoft's WINS server.
This module exploits an unbounded memory copy in the function RplMsgfUfmUpdVersNoReq() to overflow a buffer on the stack and overwrite the saved return address of a function. To know where to jump, the exploit uses the WINS server's response to learn the address at which four attacker-chosen bytes have been stored in memory. These four bytes serve as a trampoline from which execution is finally redirected to the agent code.
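
The bug class behind this module, shown as an added illustration rather than code from the CORE IMPACT module or from the WINS service: a record parser that takes its copy length straight from the message and never compares it with the destination. The message layout (4-byte big-endian declared length followed by record data) and the 64-byte buffer size are assumptions for the example, not the WINS replication format; the address leak and trampoline step described above are not modelled here.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Added illustration, not code from the CORE IMPACT module or from WINS.
 * Assumed layout: 4-byte big-endian "declared length" followed by that many
 * bytes of record data. */

#define RECORD_BUF 64          /* size of the fixed stack buffer (assumed) */

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Vulnerable pattern: the copy length comes from the message and is never
 * compared with the destination size.  Returns the number of bytes a memcpy
 * into a RECORD_BUF-byte stack buffer would write; anything above RECORD_BUF
 * runs into the saved frame pointer and return address.  The copy itself is
 * deliberately not performed so the example stays well-defined. */
size_t vulnerable_copy_length(const uint8_t *msg, size_t msg_len) {
    if (msg_len < 4) return 0;
    return read_be32(msg);        /* attacker-controlled, unchecked */
}

/* Hardened form: the declared length is checked against both the bytes
 * actually received and the destination capacity before any copy.
 * Returns 1 and fills out/out_written on success, 0 on a malformed or
 * oversized message. */
int parse_record_bounded(const uint8_t *msg, size_t msg_len,
                         uint8_t *out, size_t out_cap, size_t *out_written) {
    if (msg_len < 4) return 0;
    uint32_t declared = read_be32(msg);
    if (declared > msg_len - 4) return 0;    /* claims more than was sent */
    if (declared > out_cap) return 0;        /* would overflow destination */
    memcpy(out, msg + 4, declared);
    *out_written = declared;
    return 1;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t good_msg[] = { 0x00, 0x00, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
/* Declares 0x200 bytes: far more than RECORD_BUF and more than is present. */
static const uint8_t evil_msg[] = { 0x00, 0x00, 0x02, 0x00, 'A', 'A', 'A', 'A' };

/* Runs both parsers over the samples; returns 1 when the bounded parser
 * accepts the good message, rejects the oversized one, and the unbounded
 * copy length for the oversized message exceeds the stack buffer. */
int demo(void) {
    uint8_t rec[RECORD_BUF];
    size_t n = 0;
    int ok_good = parse_record_bounded(good_msg, sizeof good_msg, rec, sizeof rec, &n);
    int ok_evil = parse_record_bounded(evil_msg, sizeof evil_msg, rec, sizeof rec, &n);
    return ok_good && n == 5 && !ok_evil &&
           vulnerable_copy_length(evil_msg, sizeof evil_msg) > RECORD_BUF;
}
```

The two checks in parse_record_bounded are the ones a fix for this class of bug needs: the declared length must not exceed what was received (otherwise the copy reads past the message) and must not exceed the destination (otherwise it writes past the buffer and over the saved return address).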

Supported Systems:
    Windows NT4 Server - sp6a (i386)
    Windows NT4 Enterprise Server - sp6a (i386)
    Windows 2000 Server - sp0 (i386)
    Windows 2000 Server - sp1 (i386)
    Windows 2000 Server - sp2 (i386)
    Windows 2000 Server - sp3 (i386)
    Windows 2000 Server - sp4 (i386)
    Windows 2000 Advanced Server - sp0 (i386)
    Windows 2000 Advanced Server - sp1 (i386)
    Windows 2000 Advanced Server - sp2 (i386)
    Windows 2000 Advanced Server - sp3 (i386)
    Windows 2000 Advanced Server - sp4 (i386)


This module is included in the latest version of CORE IMPACT, the first automated comprehensive penetration testing product for accurately identifying information security risks.