>> Apple Bonjour for Windows DNS Spoofing and DoS Vulnerabilities
Title : Apple Bonjour for Windows DNS Spoofing and DoS Vulnerabilities VUPEN ID : VUPEN/ADV-2008-2524 CVE ID : CVE-2008-2326 - CVE-2008-3630 CWE ID : CWE-331 - CWE-476
Rated as : Moderate Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2008-09-10
Technical Description
Two vulnerabilities have been identified in Apple Bonjour for Windows, which could be exploited by attackers to cause a denial of service or spoof DNS responses.
The first issue is caused by a NULL pointer dereference error in the Bonjour Namespace Provider when resolving a specially crafted ".local" domain name containing a long DNS label, which could be exploited to crash an affected application.
The second vulnerability is caused by an error in the DNS protocol, which may allow a remote attacker to spoof DNS responses.
