6.4
CVE-2009-0234
- EPSS 34.44%
- Veröffentlicht 11.03.2009 14:19:15
- Zuletzt bearbeitet 16.06.2026 23:04:33
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Windows 2000 Updatesp4
Microsoft ≫ Windows Server 2003 Updatesp1
Microsoft ≫ Windows Server 2003 Updatesp1 Editionitanium
Microsoft ≫ Windows Server 2003 Updatesp2
Microsoft ≫ Windows Server 2008 Editionx64
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 34.44% | 0.982 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.us-cert.gov/cas/techalerts/TA09-069A.html
http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx
http://secunia.com/advisories/34217
http://support.avaya.com/elmodocs2/security/ASA-2009-083.htm
http://www.vupen.com/english/advisories/2009/0661
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-008
http://www.securitytracker.com/id?1021831
http://osvdb.org/52518
http://www.kb.cert.org/vuls/id/319331
http://www.securityfocus.com/bid/33988
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5715