Attackers do not require authentication to exploit this vulnerability. However, the attacker may require access to trusted, internal networks to send a malicious request to the affected system, reducing the potential for external attacks. An exploit could allow the attacker to execute arbitrary code on the affected system, possibly resulting in a complete system compromise.
Because the WINS Server is not installed by default on affected systems, the potential for widespread exploitation may be decreased. The WINS Server may be installed in only a few environments, and systems that do not have the WINS Server component installed offer no vector for exploitation.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the August 2009 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for August 2009
The update available from Microsoft corrects this vulnerability by performing proper length checking.