Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Microsoft Windows DNS/WINS服务器自动更新欺骗漏洞
Vulnerability Description
Microsoft Windows是美国微软(Microsoft)公司发布的一系列操作系统。 如果Windows DNS服务器中使用了动态更新且DNS中还没有注册ISATAP和WPAD,则服务器无法正确地验证注册WPAD项的用户。远程攻击者可以通过在指向预期IP地址的DNS数据库中注册WPAD执行中间人攻击。
CVSS Information
N/A
Vulnerability Type
N/A