DNS Spoofing Vulnerability in Apple Bonjour for Windows

CVE-2008-3630

Summary

The mDNSResponder component within Apple Bonjour for Windows, specifically prior to version 1.0.5, exhibits a security flaw where it fails to utilize random values for transaction IDs and source ports in DNS requests. This predictability facilitates remote attackers to execute DNS spoofing attacks, potentially resulting in incorrect DNS responses being processed by applications relying on the Bonjour API.

References