Vulnerability Name:

CVE-2006-3444 (CCN-28016)

Assigned:2006-08-08
Published:2006-08-08
Updated:2019-04-30
Summary:Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.9 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2006-3444

Source: CCN
Type: SA21415
Windows Kernel Privilege Escalation Vulnerability

Source: SECUNIA
Type: UNKNOWN
21415

Source: CCN
Type: SECTRACK ID: 1016658
Windows 2000 Kernel Buffer Overflow Lets Local Users Gain Elevated Privileges

Source: SECTRACK
Type: UNKNOWN
1016658

Source: CCN
Type: ASA-2006-154
Windows Security Updates for August 2006 - (MS06-040 - MS06-051)

Source: CCN
Type: Microsoft Security Bulletin MS11-098
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171)

Source: CCN
Type: Microsoft Security Bulletin MS12-042
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)

Source: CCN
Type: Microsoft Security Bulletin MS06-049
Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958)

Source: CCN
Type: Microsoft Security Bulletin MS07-022
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (931784)

Source: CCN
Type: Microsoft Security Bulletin MS08-064
Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)

Source: CCN
Type: Microsoft Security Bulletin MS09-012
Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)

Source: CCN
Type: Microsoft Security Bulletin MS09-058
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486)

Source: CCN
Type: Microsoft Security Bulletin MS10-015
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)

Source: CCN
Type: Microsoft Security Bulletin MS10-021
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683)

Source: CCN
Type: Microsoft Security Bulletin MS10-047
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852)

Source: CCN
Type: Microsoft Security Bulletin MS11-011
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802)

Source: BID
Type: UNKNOWN
19388

Source: CCN
Type: BID-19388
Microsoft Windows 2000 Kernel Local Privilege Escalation Vulnerability

Source: CCN
Type: US-CERT Technical Cyber Security Alert TA06-220A
Microsoft Windows, Office, and Internet Explorer Vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2006-3215

Source: MS
Type: UNKNOWN
MS06-049

Source: XF
Type: UNKNOWN
win-kernel-system-bo(28016)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:673

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:673
    V
    Windows 2000 Kernel Elevation of Privilege Vulnerability
    2011-05-09
    BACK
    microsoft windows 2000 * sp4
    microsoft windows 2000 * sp4
    microsoft windows 2000 - sp4