Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-1314
Last Modified 07 Mar 2011 09:32:45
Published 11 Jul 2006 05:05:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1314

Summary

Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that trigger memory corruption and bypass size restrictions on second-class Mailslot messages.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server 64-bit

  • Microsoft Windows 2003 Server Itanium

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows 2003 Server SP1

  • Microsoft Windows XP


References

CERT - TA06-192A

CERT-VN - VU#189140

MISC - http://www.tippingpoint.com/security/advisories/TSRT-06-02.html

MS - MS06-035

VUPEN - ADV-2006-2753

XF - win-mailslot-bo(26818)

BID - 18863

BUGTRAQ - 20060711 TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability

OSVDB - 27154

SREASON - 1212

SECUNIA - 21007


Last Updated: 27 May 2016 10:42:01