Short Name |
DNS:OVERFLOW:MS-WIN-DNSAPI-BO |
---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
DNS |
Keywords |
Microsoft Windows DNSAPI NSEC3 Heap-based Buffer Overflow |
Release Date |
2017/10/24 |
Update Number |
3000 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in the DNSAPI component of Microsoft Windows. Successful exploitation could result in arbitrary code execution in the security context of the application that made the original DNS query.
The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability".