Summary
This host has Microsoft DNS Devolution and is prone to Third-Level Domain Name Resolving Weakness.
Impact
Successful attacks may result in disclosure of the private IP address and authentication credentials, modification of client proxy settings, phishing, redirection to other malicious sites, enticing vulnerable users to download malware.
Impact Level: System/Application
Solution
Apply the Security update from below link,
http://www.microsoft.com/technet/security/advisory/971888.mspx
Insight
The flaw is due to design error in the DNS devolution process which can be exploited by setting up a malicious site and carry out attacks against victims who are inadvertently directed to the malicious site.
Affected
Microsoft Windows 2k Service Pack 4 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2k3 Service Pack 2 and prior
References
Severity
Classification
-
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- SMB Registry : XP Service Pack version
- Cisco VPN Client Privilege Escalation Vulnerability
- Microsoft Autorun Arbitrary Code Execution Vulnerability (08-038)
- Microsoft Organization Chart Remote Code Execution Vulnerability
- Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness (971888)