Vulnerability Name:

CVE-2006-3439 (CCN-28002)

Assigned:2006-08-08
Published:2006-08-08
Updated:2018-10-12
Summary:Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2006-3439

Source: CCN
Type: SA21388
Windows Server Service Buffer Overflow Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
21388

Source: CCN
Type: SECTRACK ID: 1016667
Windows Server Service Buffer Overflow Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1016667

Source: CCN
Type: ASA-2006-154
Windows Security Updates for August 2006 - (MS06-040 - MS06-051)

Source: CCN
Type: Microsoft Knowledge Base Article 921883
MS06-040: Vulnerability in Server service could allow remote code execution

Source: CISCO
Type: UNKNOWN
20060814 Mitigating Exploitation of the MS06-040 Service Buffer Vulnerability

Source: CCN
Type: cisco-sr-20060814-ms06-040-vulnerability
Cisco Security Response: Mitigating Exploitation of the MS06-040 Service Buffer Vulnerability

Source: MISC
Type: UNKNOWN
http://www.dhs.gov/dhspublic/display?content=5789

Source: CCN
Type: US-CERT VU#650769
Microsoft Windows Server service buffer overflow

Source: CERT-VN
Type: Patch, US Government Resource
VU#650769

Source: CCN
Type: Microsoft Security Bulletin MS06-040
Vulnerability In Server Service Could All Remote Code Execution (921883)

Source: CCN
Type: Microsoft Security Bulletin MS06-070
Vulnerability in Workstation Service Could Allow Remote Code Execution (924270)

Source: BID
Type: UNKNOWN
19409

Source: CCN
Type: BID-19409
Microsoft Windows Server Service Remote Buffer Overflow Vulnerability

Source: CCN
Type: US-CERT Technical Cyber Security Alert TA06-220A
Microsoft Windows, Office, and Internet Explorer Vulnerabilities

Source: CERT
Type: Patch, US Government Resource
TA06-220A

Source: VUPEN
Type: UNKNOWN
ADV-2006-3210

Source: CCN
Type: Internet Security Systems Protection Advisory August 8, 2006
Microsoft Server Service Buffer Overflow Vulnerability

Source: MS
Type: UNKNOWN
MS06-040

Source: XF
Type: UNKNOWN
ms-server-service-bo(28002)

Source: XF
Type: UNKNOWN
ms-server-service-bo(28002)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:492

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [02-11-2011]

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [08-08-2006]
MS06-040 Microsoft Server Service NetpwPathCanonicalize Overflow

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:microsoft:windows_2000:-:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000::sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000::sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000::sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp::sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:::itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:::x64:*:professional:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:-:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:492
    V
    Buffer Overrun in Server Service Vulnerability
    2014-03-17
    BACK
    microsoft windows 2000 * sp4
    microsoft windows 2003 server 64-bit
    microsoft windows 2003 server itanium
    microsoft windows 2003 server r2
    microsoft windows 2003 server sp1
    microsoft windows 2003 server sp1
    microsoft windows xp *
    microsoft windows xp * sp1
    microsoft windows xp * sp2
    microsoft windows 2000
    microsoft windows 2000 sp1
    microsoft windows 2000 sp2
    microsoft windows 2000 sp3
    microsoft windows xp sp1
    microsoft windows 2000 sp4
    microsoft windows 2003_server
    microsoft windows xp sp2
    microsoft windows 2003 server
    microsoft windows 2003_server sp1
    microsoft windows xp
    microsoft windows 2003_server sp1_itanium
    microsoft windows 2003 -