Vulnerability Name:

CVE-2006-2334 (CCN-26487)

Assigned:2006-05-09
Published:2006-05-09
Updated:2018-10-18
Summary:The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Bypass Security
References:Source: CCN
Type: BugTraq Mailing List, Tue May 09 2006 - 18:02:54 CDT
[48Bits.com Advisory] Path conversion design flaw in Microsoft NTDLL

Source: MITRE
Type: CNA
CVE-2006-2334

Source: MISC
Type: Exploit, Vendor Advisory
http://www.48bits.com/advisories/rtldospath.pdf

Source: CCN
Type: ALWIL Software Web site
avast! antivirus software

Source: CCN
Type: BitDefender Web site
AntiVirus - AntiSpam - Firewall Software, Data Security, Free Protection

Source: CCN
Type: ESET Web site
Eliminate Spyware, Adware, and Worms with NOD32 Antivirus from ESET

Source: CCN
Type: Frisk Software International Web site
F-Prot Antivirus Products

Source: CCN
Type: AntiVir Web site
AntiVir PersonalEdition Classic - More than Security

Source: CCN
Type: Grisoft Web site
AVG Anti Virus: HOME

Source: CCN
Type: Kaspersky Lab Web site
Antivirus Software, Computer Virus Protection, Antivirus, Anti Spyware, Spam Filter, Computer Security

Source: CCN
Type: Lavasoft Web site
Ad-Aware SE Personal - Software - Lavasoft

Source: CCN
Type: Norman Antivirus Web site
NORMAN :: Antivirus | Firewall | Network Security

Source: OSVDB
Type: UNKNOWN
25761

Source: CCN
Type: OSVDB ID: 25761
Microsoft Windows NTDLL.DLL RtlDosPathNameToNtPathName_U API Path Conversion Weakness

Source: CCN
Type: Spybot Search&Destroy Web site
Home - The home of Spybot-S&D!

Source: BUGTRAQ
Type: UNKNOWN
20060509 [48Bits.com Advisory] Path conversion design flaw in Microsoft NTDLL

Source: BID
Type: Exploit
17934

Source: CCN
Type: BID-17934
Microsoft Windows Path Conversion Weakness

Source: CCN
Type: Symantec Web site
Norton AntiVirus: Overview

Source: CCN
Type: Webroot Software, Inc. Web site
Spy Sweeper

Source: XF
Type: UNKNOWN
win-ntdll-path-conversion(26487)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:eset:nod32_antivirus:-:*:*:*:*:*:*:*
  • OR cpe:/a:bitdefender:antivirus:7.60825:*:*:*:*:*:*:*
  • OR cpe:/a:f-prot:f-prot_antivirus:3.11b:*:*:*:*:*:*:*
  • OR cpe:/a:norman:norman_virus_control:5.81_engine_5.83.02:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*
  • OR cpe:/a:safer-networking:spybot_search_and_destroy:-:*:*:*:*:*:*:*
  • OR cpe:/a:lavasoft:ad-aware:3.5:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    microsoft windows 2000 * sp4
    microsoft windows xp * sp2
    eset nod32 antivirus -
    bitdefender bitdefender antivirus 7.60825
    f-prot f-prot antivirus 3.11b
    norman norman virus control 5.81_engine_5.83.02
    symantec norton antivirus 2006
    safer-networking spybot search and destroy -
    lavasoft ad-aware 3.5