Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-0021 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows 2003 Server

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources

Severity

7.8HIGHNVD

EPSS

69.7%

top 1.33%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows 2003 Server

Timeline

PublishedFeb 14

Latest updateMay 1

Description

Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

▶NVDmicrosoft/windows_2003_server7 versions+6

Patches

Patch: secunia.com ↗Patch: www.securityfocus.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-g367-j7q7-9r56: Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an in↗2022-05-01

▶

CVEList

CVE-2006-0021: Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an in↗2006-02-14

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows XP/2003 - IGMP v3 Denial of Service (MS06-007) (2)↗2006-03-22

▶

Exploit-DB

Microsoft Windows XP/2003 - IGMP v3 Denial of Service (MS06-007) (1)↗2006-03-21

▶