Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3439

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2006-3439
Last Modified 07 Mar 2011 09:38:39
Published 08 Aug 2006 09:04:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3439

Summary

Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server 64-bit

  • Microsoft Windows 2003 Server Itanium

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows 2003 Server Sp1

  • Microsoft Windows Xp


References

CERT - TA06-220A

CERT-VN - VU#650769

MS - MS06-040

SECUNIA - 21388

XF - ms-server-service-bo(28002)

VUPEN - ADV-2006-3210

BID - 19409

MISC - http://www.dhs.gov/dhspublic/display?content=5789

SECTRACK - 1016667

CISCO - 20060814 Mitigating Exploitation of the MS06-040 Service Buffer Vulnerability


Last Updated: 27 May 2016 10:43:00