cvelistv5 - cve-2006-3439

cve-2006-3439

Vulnerability from cvelistv5

Published

2006-08-09 01:00

Modified

2024-08-07 18:30

Severity ?

Summary

Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.

References

URL	Tags
secure@microsoft.com	http://secunia.com/advisories/21388	Patch, Vendor Advisory
secure@microsoft.com	http://securitytracker.com/id?1016667
secure@microsoft.com	http://www.cisco.com/en/US/products/ps6120/tsd_products_security_response09186a008070c75a.html
secure@microsoft.com	http://www.dhs.gov/dhspublic/display?content=5789
secure@microsoft.com	http://www.kb.cert.org/vuls/id/650769	Patch, US Government Resource
secure@microsoft.com	http://www.securityfocus.com/bid/19409
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA06-220A.html	Patch, US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2006/3210
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-040
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/28002
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A492
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21388	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016667
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/ps6120/tsd_products_security_response09186a008070c75a.html
af854a3a-2127-422b-91ae-364da2661108	http://www.dhs.gov/dhspublic/display?content=5789
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/650769	Patch, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/19409
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-220A.html	Patch, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3210
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-040
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/28002
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A492

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:30:33.295Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.dhs.gov/dhspublic/display?content=5789"
          },
          {
            "name": "20060814 Mitigating Exploitation of the MS06-040 Service Buffer Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/ps6120/tsd_products_security_response09186a008070c75a.html"
          },
          {
            "name": "MS06-040",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-040"
          },
          {
            "name": "VU#650769",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/650769"
          },
          {
            "name": "1016667",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016667"
          },
          {
            "name": "19409",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19409"
          },
          {
            "name": "TA06-220A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:492",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A492"
          },
          {
            "name": "ms-server-service-bo(28002)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28002"
          },
          {
            "name": "ADV-2006-3210",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3210"
          },
          {
            "name": "21388",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21388"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.dhs.gov/dhspublic/display?content=5789"
        },
        {
          "name": "20060814 Mitigating Exploitation of the MS06-040 Service Buffer Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/ps6120/tsd_products_security_response09186a008070c75a.html"
        },
        {
          "name": "MS06-040",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-040"
        },
        {
          "name": "VU#650769",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/650769"
        },
        {
          "name": "1016667",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016667"
        },
        {
          "name": "19409",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19409"
        },
        {
          "name": "TA06-220A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:492",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A492"
        },
        {
          "name": "ms-server-service-bo(28002)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28002"
        },
        {
          "name": "ADV-2006-3210",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3210"
        },
        {
          "name": "21388",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21388"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-3439",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.dhs.gov/dhspublic/display?content=5789",
              "refsource": "MISC",
              "url": "http://www.dhs.gov/dhspublic/display?content=5789"
            },
            {
              "name": "20060814 Mitigating Exploitation of the MS06-040 Service Buffer Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/ps6120/tsd_products_security_response09186a008070c75a.html"
            },
            {
              "name": "MS06-040",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-040"
            },
            {
              "name": "VU#650769",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/650769"
            },
            {
              "name": "1016667",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016667"
            },
            {
              "name": "19409",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19409"
            },
            {
              "name": "TA06-220A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:492",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A492"
            },
            {
              "name": "ms-server-service-bo(28002)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28002"
            },
            {
              "name": "ADV-2006-3210",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3210"
            },
            {
              "name": "21388",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21388"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2006-3439",
    "datePublished": "2006-08-09T01:00:00",
    "dateReserved": "2006-07-07T00:00:00",
    "dateUpdated": "2024-08-07T18:30:33.295Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*\", \"matchCriteriaId\": \"330B6798-5380-44AD-9B52-DF5955FA832C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D2CA1674-A8A0-479A-9D80-344D3C563A24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0808041A-CE1A-433A-9C2B-019097CCFB0C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E7FD818-322D-4089-A644-360C33943D29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"644E2E89-F3E3-4383-B460-424D724EE62F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*\", \"matchCriteriaId\": \"91D6D065-A28D-49DA-B7F4-38421FF86498\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*\", \"matchCriteriaId\": \"B9687E6C-EDE9-42E4-93D0-C4144FEC917A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*\", \"matchCriteriaId\": \"FB2BE2DE-7B06-47ED-A674-15D45448F357\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00fafer en Server Service en Microsoft Windows 2000 SP4, XP SP1 y SP2, y Server 2003 SP1 permite a un atacante remoto, incluidos usuario an\\u00f3nimos, ejecutar c\\u00f3digo de su elecci\\u00f3n a trav\\u00e9s de mensajes RPC manipulados, una vulnerabilidad diferente que CVE-2006-1314.\"}]",
      "id": "CVE-2006-3439",
      "lastModified": "2024-11-21T00:13:37.467",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2006-08-09T01:04:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/21388\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1016667\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.cisco.com/en/US/products/ps6120/tsd_products_security_response09186a008070c75a.html\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.dhs.gov/dhspublic/display?content=5789\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/650769\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/19409\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA06-220A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/3210\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-040\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/28002\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A492\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://secunia.com/advisories/21388\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1016667\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cisco.com/en/US/products/ps6120/tsd_products_security_response09186a008070c75a.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.dhs.gov/dhspublic/display?content=5789\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/650769\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/19409\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA06-220A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/3210\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-040\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/28002\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A492\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-3439\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2006-08-09T01:04:00.000\",\"lastModified\":\"2024-11-21T00:13:37.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer en Server Service en Microsoft Windows 2000 SP4, XP SP1 y SP2, y Server 2003 SP1 permite a un atacante remoto, incluidos usuario an\u00f3nimos, ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de mensajes RPC manipulados, una vulnerabilidad diferente que CVE-2006-1314.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*\",\"matchCriteriaId\":\"330B6798-5380-44AD-9B52-DF5955FA832C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2CA1674-A8A0-479A-9D80-344D3C563A24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0808041A-CE1A-433A-9C2B-019097CCFB0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E7FD818-322D-4089-A644-360C33943D29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"644E2E89-F3E3-4383-B460-424D724EE62F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*\",\"matchCriteriaId\":\"91D6D065-A28D-49DA-B7F4-38421FF86498\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*\",\"matchCriteriaId\":\"B9687E6C-EDE9-42E4-93D0-C4144FEC917A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*\",\"matchCriteriaId\":\"FB2BE2DE-7B06-47ED-A674-15D45448F357\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/21388\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016667\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.cisco.com/en/US/products/ps6120/tsd_products_security_response09186a008070c75a.html\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.dhs.gov/dhspublic/display?content=5789\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.kb.cert.org/vuls/id/650769\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/19409\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-220A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/3210\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-040\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/28002\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A492\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/21388\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016667\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/en/US/products/ps6120/tsd_products_security_response09186a008070c75a.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.dhs.gov/dhspublic/display?content=5789\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/650769\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/19409\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-220A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/3210\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-040\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/28002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A492\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

cve-2006-3439

Vulnerability from fkie_nvd

Published

2006-08-09 01:04

Modified

2024-11-21 00:13

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://secunia.com/advisories/21388	Patch, Vendor Advisory
secure@microsoft.com	http://securitytracker.com/id?1016667
secure@microsoft.com	http://www.cisco.com/en/US/products/ps6120/tsd_products_security_response09186a008070c75a.html
secure@microsoft.com	http://www.dhs.gov/dhspublic/display?content=5789
secure@microsoft.com	http://www.kb.cert.org/vuls/id/650769	Patch, US Government Resource
secure@microsoft.com	http://www.securityfocus.com/bid/19409
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA06-220A.html	Patch, US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2006/3210
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-040
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/28002
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A492
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21388	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016667
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/ps6120/tsd_products_security_response09186a008070c75a.html
af854a3a-2127-422b-91ae-364da2661108	http://www.dhs.gov/dhspublic/display?content=5789
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/650769	Patch, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/19409
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-220A.html	Patch, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3210
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-040
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/28002
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A492

Impacted products

Vendor	Product	Version
microsoft	windows_2000	*
microsoft	windows_2003_server	64-bit
microsoft	windows_2003_server	itanium
microsoft	windows_2003_server	r2
microsoft	windows_2003_server	sp1
microsoft	windows_2003_server	sp1
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*",
              "matchCriteriaId": "330B6798-5380-44AD-9B52-DF5955FA832C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2CA1674-A8A0-479A-9D80-344D3C563A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*",
              "matchCriteriaId": "0808041A-CE1A-433A-9C2B-019097CCFB0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E7FD818-322D-4089-A644-360C33943D29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
              "matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*",
              "matchCriteriaId": "B9687E6C-EDE9-42E4-93D0-C4144FEC917A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*",
              "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en Server Service en Microsoft Windows 2000 SP4, XP SP1 y SP2, y Server 2003 SP1 permite a un atacante remoto, incluidos usuario an\u00f3nimos, ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de mensajes RPC manipulados, una vulnerabilidad diferente que CVE-2006-1314."
    }
  ],
  "id": "CVE-2006-3439",
  "lastModified": "2024-11-21T00:13:37.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-08-09T01:04:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21388"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://securitytracker.com/id?1016667"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.cisco.com/en/US/products/ps6120/tsd_products_security_response09186a008070c75a.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.dhs.gov/dhspublic/display?content=5789"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/650769"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/19409"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2006/3210"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-040"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28002"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A492"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21388"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016667"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cisco.com/en/US/products/ps6120/tsd_products_security_response09186a008070c75a.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.dhs.gov/dhspublic/display?content=5789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/650769"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/19409"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A492"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2006-3439

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2006-3439

Aliases

CVE-2006-3439

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-3439",
    "description": "Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.",
    "id": "GSD-2006-3439",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2006-3439"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-3439"
      ],
      "details": "Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.",
      "id": "GSD-2006-3439",
      "modified": "2023-12-13T01:19:56.879178Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2006-3439",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.dhs.gov/dhspublic/display?content=5789",
            "refsource": "MISC",
            "url": "http://www.dhs.gov/dhspublic/display?content=5789"
          },
          {
            "name": "20060814 Mitigating Exploitation of the MS06-040 Service Buffer Vulnerability",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/en/US/products/ps6120/tsd_products_security_response09186a008070c75a.html"
          },
          {
            "name": "MS06-040",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-040"
          },
          {
            "name": "VU#650769",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/650769"
          },
          {
            "name": "1016667",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016667"
          },
          {
            "name": "19409",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/19409"
          },
          {
            "name": "TA06-220A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:492",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A492"
          },
          {
            "name": "ms-server-service-bo(28002)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28002"
          },
          {
            "name": "ADV-2006-3210",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/3210"
          },
          {
            "name": "21388",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21388"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-3439"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA06-220A",
              "refsource": "CERT",
              "tags": [
                "Patch",
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
            },
            {
              "name": "VU#650769",
              "refsource": "CERT-VN",
              "tags": [
                "Patch",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/650769"
            },
            {
              "name": "21388",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/21388"
            },
            {
              "name": "http://www.dhs.gov/dhspublic/display?content=5789",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.dhs.gov/dhspublic/display?content=5789"
            },
            {
              "name": "19409",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/19409"
            },
            {
              "name": "1016667",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016667"
            },
            {
              "name": "20060814 Mitigating Exploitation of the MS06-040 Service Buffer Vulnerability",
              "refsource": "CISCO",
              "tags": [],
              "url": "http://www.cisco.com/en/US/products/ps6120/tsd_products_security_response09186a008070c75a.html"
            },
            {
              "name": "ADV-2006-3210",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/3210"
            },
            {
              "name": "ms-server-service-bo(28002)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28002"
            },
            {
              "name": "oval:org.mitre.oval:def:492",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A492"
            },
            {
              "name": "MS06-040",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-040"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-12T21:40Z",
      "publishedDate": "2006-08-09T01:04Z"
    }
  }
}

ghsa-6fx8-xxf2-xjj8

Vulnerability from github

Published

2022-05-01 07:09

Modified

2022-05-01 07:09

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-3439"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-08-09T01:04:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.",
  "id": "GHSA-6fx8-xxf2-xjj8",
  "modified": "2022-05-01T07:09:12Z",
  "published": "2022-05-01T07:09:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3439"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-040"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28002"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A492"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21388"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016667"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/en/US/products/ps6120/tsd_products_security_response09186a008070c75a.html"
    },
    {
      "type": "WEB",
      "url": "http://www.dhs.gov/dhspublic/display?content=5789"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/650769"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/19409"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3210"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2006-3439

Vulnerability from cvelistv5

cve-2006-3439

Vulnerability from fkie_nvd

gsd-2006-3439

Vulnerability from gsd

ghsa-6fx8-xxf2-xjj8

Vulnerability from github

Tags

Sightings

Nomenclature