New Search

DNS Server Vulnerability in WPAD Registration Vulnerability

oval:org.mitre.oval:def:6138

Windows DNS Server in Microsoft Windows 2000 SP4 Server 2003 SP1 and SP2 and Server 2008 when dynamic updates are enabled does not restrict registration of the "wpad" hostname which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature and conduct man-in-the-middle attacks by spoofing a proxy server via a Dynamic Update request for this hostname aka "DNS Server Vulnerability in WPAD Registration Vulnerability" a related issue to CVE-2007-1692.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows 2000
  • Microsoft Windows Server 2003
Class:
vulnerability
Reference(s):
  • CVE-2009-0093
Product(s):