7.6
CVE-1999-1593
- EPSS 18.13%
- Veröffentlicht 15.01.2009 01:30:00
- Zuletzt bearbeitet 16.06.2026 21:50:47
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this problem may be limited when Windows 95/98 clients are used, or if the primary domain controller becomes unavailable.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 18.13% | 0.968 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.6 | 4.9 | 10 |
AV:N/AC:H/Au:N/C:C/I:C/A:C
|
CWE-59 Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00371.html
http://seclists.org/bugtraq/2001/Jan/0264.html
http://seclists.org/bugtraq/2001/Jan/0269.html
http://seclists.org/bugtraq/2001/Jan/0271.html
http://seclists.org/bugtraq/2001/Jan/0274.html
http://seclists.org/bugtraq/2001/Jan/0276.html
http://seclists.org/bugtraq/2001/Jan/0289.html
http://seclists.org/bugtraq/2001/Jan/0298.html
http://www.securityfocus.com/bid/2221
https://www2.sans.org/reading_room/whitepapers/win2k/185.php