CVE-2006-3439

Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/21388	Patch Vendor Advisory
http://securitytracker.com/id?1016667
http://www.cisco.com/en/US/products/ps6120/tsd_products_security_response09186a008070c75a.html
http://www.dhs.gov/dhspublic/display?content=5789
http://www.kb.cert.org/vuls/id/650769	Patch US Government Resource
http://www.securityfocus.com/bid/19409
http://www.us-cert.gov/cas/techalerts/TA06-220A.html	Patch US Government Resource
http://www.vupen.com/english/advisories/2006/3210
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-040
https://exchange.xforce.ibmcloud.com/vulnerabilities/28002
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A492

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_2000::sp4::fr::::
	cpe:2.3:o:microsoft:windows_2003_server:64-bit:::::::*
	cpe:2.3:o:microsoft:windows_2003_server:itanium:::::::*
	cpe:2.3:o:microsoft:windows_2003_server:r2:::::::*
	cpe:2.3:o:microsoft:windows_2003_server:sp1:::::::*
	cpe:2.3:o:microsoft:windows_2003_server:sp1::itanium:::::
	cpe:2.3:o:microsoft:windows_xp:::64-bit:::::*
	cpe:2.3:o:microsoft:windows_xp::sp1:tablet_pc:::::
	cpe:2.3:o:microsoft:windows_xp::sp2:tablet_pc:::::

History

No history.

Information

Published : 2006-08-09 01:04

Updated : 2024-02-04 16:52

NVD link : CVE-2006-3439

Mitre link : CVE-2006-3439

CVE.ORG link : CVE-2006-3439

JSON object : View

Products Affected

microsoft

windows_xp
windows_2003_server
windows_2000

CWE

NVD-CWE-Other

{"id": "CVE-2006-3439", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-08-09T01:04:00.000", "references": [{"url": "http://secunia.com/advisories/21388", "tags": ["Patch", "Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://securitytracker.com/id?1016667", "source": "secure@microsoft.com"}, {"url": "http://www.cisco.com/en/US/products/ps6120/tsd_products_security_response09186a008070c75a.html", "source": "secure@microsoft.com"}, {"url": "http://www.dhs.gov/dhspublic/display?content=5789", "source": "secure@microsoft.com"}, {"url": "http://www.kb.cert.org/vuls/id/650769", "tags": ["Patch", "US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/19409", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html", "tags": ["Patch", "US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.vupen.com/english/advisories/2006/3210", "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-040", "source": "secure@microsoft.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28002", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A492", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en Server Service en Microsoft Windows 2000 SP4, XP SP1 y SP2, y Server 2003 SP1 permite a un atacante remoto, incluidos usuario an\u00f3nimos, ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de mensajes RPC manipulados, una vulnerabilidad diferente que CVE-2006-1314."}], "lastModified": "2018-10-12T21:40:34.057", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*", "vulnerable": true, "matchCriteriaId": "330B6798-5380-44AD-9B52-DF5955FA832C"}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2CA1674-A8A0-479A-9D80-344D3C563A24"}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0808041A-CE1A-433A-9C2B-019097CCFB0C"}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E7FD818-322D-4089-A644-360C33943D29"}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F"}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9687E6C-EDE9-42E4-93D0-C4144FEC917A"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}