Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3441


Vulnerability Score 10.0 10.0
CVE Id CVE-2006-3441
Last Modified 07 Mar 2011 09:38:39
Published 08 Aug 2006 09:04:00
Confidentiality Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server 64-bit

  • Microsoft Windows 2003 Server Sp1

  • Microsoft Windows Xp


CERT - TA06-220A

CERT-VN - VU#794580

MS - MS06-041

XF - dns-data-string-bo(28240)

XF - win-dns-client-bo(28013)

XF - dns-rrdatalen-underflow(24586)

ISS - 20060808 Microsoft DNS Client Integer Overflow Vulnerability

ISS - 20060808 Microsoft DNS Client ATMA Buffer Overflow Vulnerability

ISS - 20060808 Microsoft DNS Client Character String Buffer Overflow Vulnerability

VUPEN - ADV-2006-3211

BID - 19404

OSVDB - 27844

SECTRACK - 1016653

SECUNIA - 21394

Last Updated: 27 May 2016 10:43:00