Detections
Analytics
MS12-017: Vulnerability in DNS Server Could Allow Denial of Service (2647170) (uncredentialed check)
medium Nessus Plugin ID 72837
Language:
Synopsis
The DNS server running on the remote host is susceptible to a denial of service attack.Description
According to its self-reported version number, the Microsoft DNS server running on the remote host does not properly handle objects in memory when looking up the resource record of a domain. By sending a specially crafted DNS query an attacker may be able to exploit this flaw and cause the DNS server on the remote host to stop responding and eventually restart.Solution
Microsoft has released a set of patches for Windows 2003, 2008, and 2008 R2.See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-017
Plugin Details
Severity: Medium
ID: 72837
File Name: ms_dns_kb2647170.nasl
Version: 1.9
Type: remote
Family: DNS
Published: 3/5/2014
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
Vulnerability Information
CPE: cpe:/o:microsoft:windows
Required KB Items: ms_dns/version
Exploit Ease: No known exploits are available
Patch Publication Date: 3/13/2012
Vulnerability Publication Date: 3/13/2012
Reference Information
CVE: CVE-2012-0006
BID: 52374
MSFT: MS12-017
MSKB: 2647170