Oval Definition:oval:org.mitre.oval:def:428
Revision Date:2011-05-09Version:24
Title:Server Service Denial of Service Vulnerability
Description:The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research; the vulnerability is not associated with a mailslot.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2006-3942
Platform(s):Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows XP
Product(s):
Definition Synopsis
  • Win2K,SP4
  • Microsoft Windows 2000 SP4 or later is installed
  • AND the version of srv.sys is less than 5.0.2195.7106
  • OR WinXP,SP1
  • Microsoft Windows XP SP1 (32-bit) is installed
  • AND the version of srv.sys is less than 5.1.2600.1885
  • OR WinXP,SP2
  • Microsoft Windows XP SP2 or later is installed
  • AND the version of srv.sys is less than 5.1.2600.2974
  • OR WinXP,SP1 (64-bit)
  • Microsoft Windows XP SP1 (64-bit) is installed
  • AND the version of srv.sys is less than 5.2.3790.2783
  • OR S03-Gold
  • Microsoft Windows Server 2003 (x86) Gold is installed
  • AND the version of srv.sys is less than 5.2.3790.588
  • OR S03,SP1
  • Microsoft Windows Server 2003 SP1 (x86) is installed
  • AND the version of srv.sys is less than 5.2.3790.2783
    • BACK