| Vulnerability Name: | CVE-2006-2372 (CCN-26823) | ||||||||
| Assigned: | 2006-07-11 | ||||||||
| Published: | 2006-07-11 | ||||||||
| Updated: | 2018-10-18 | ||||||||
| Summary: | Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
6.2 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-119 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: Full-Disclosure Mailing List, Tue Jul 11 2006 - 13:02:54 CDT CYBSEC - Security Pre-Advisory: Microsoft Windows DHCP Client Service Remote Buffer Overflow Source: FULLDISC Type: UNKNOWN 20060711 CYBSEC - Security Pre-Advisory: Microsoft Windows DHCP Client Service Remote Buffer Overflow Source: MITRE Type: CNA CVE-2006-2372 Source: CCN Type: SA21010 Windows DHCP Client Service Buffer Overflow Vulnerability Source: SECUNIA Type: Patch, Vendor Advisory 21010 Source: SREASON Type: UNKNOWN 1201 Source: CCN Type: SECTRACK ID: 1016468 Microsoft DHCP Client Buffer Overflow Lets Remote Users Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1016468 Source: CCN Type: ASA-2006-135 Windows Security Updates for July 2006 - (MS06-033 - MS06-039) Source: MISC Type: Patch http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_Microsoft_Windows_DHCP_Client_Service_Remote_Buffer_Overflow.pdf Source: CCN Type: US-CERT VU#257164 Microsoft DHCP Client service contains a buffer overflow Source: CERT-VN Type: US Government Resource VU#257164 Source: CCN Type: Microsoft Security Bulletin MS06-036 Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388) Source: OSVDB Type: UNKNOWN 27151 Source: CCN Type: OSVDB ID: 27151 Microsoft Windows DHCP Client Service Crafted Response Overflow Source: BUGTRAQ Type: UNKNOWN 20060711 CYBSEC - Security Pre-Advisory: Microsoft Windows DHCP Client Service Remote Buffer Overflow Source: BUGTRAQ Type: UNKNOWN 20060829 CYBSEC - Security Advisory: Microsoft Windows DHCP Client Service Remote Buffer Overflow Source: BID Type: Patch 18923 Source: CCN Type: BID-18923 Microsoft Windows DHCP Client Service Remote Code Execution Vulnerability Source: CERT Type: US Government Resource TA06-192A Source: VUPEN Type: UNKNOWN ADV-2006-2754 Source: CCN Type: Internet Security Systems Protection Alert July 11, 2006 Vulnerability in DHCP Client could allow remote code execution Source: MS Type: UNKNOWN MS06-036 Source: XF Type: UNKNOWN win-dhcp-client-bo(26823) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:232 Source: EXPLOIT-DB Type: UNKNOWN 2054 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||