CVE-2006-1314
Published 2006-07-11
Priority: P2 (62) · Severity: high · CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Flag: EXPLOIT
EPSS: 64.23% (99.1th percentile)
Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_2003_server | — | — |
| microsoft | windows_2003_server | — | — |
| microsoft | windows_2003_server | — | — |
| microsoft | windows_2003_server | — | — |
Detection & IOCs (extracted from sources)
Bytes (SMB Negotiate Protocol request, command 0x72, dialect string "NT LM 0.12"):
\x00\x00\x00\x2f\xff\x53\x4d\x42\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x88\x05\x00\x00\x00\x00\x00\x0c\x00\x02\x4e\x54\x20\x4c\x4d\x20\x30\x2e\x31\x32\x00
Bytes (SMB Transaction request, command 0x25, transaction name "\MAILSLOT\LANMANA"):
\x00\x00\x00\x56\xff\x53\x4d\x42\x25\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x88\x05\x00\x08\x00\x00\x11\x00\x00\x01\x00\x00\x04\xe0\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x55\x00\x01\x00\x55\x00\x03\x00\x01\x00\x00\x00\x00\x00\x11\x00\x5c\x4d\x41\x49\x4c\x53\x4c\x4f\x54\x5c\x4c\x41\x4e\x4d\x41\x4e\x41
- Exploit targets SRV.SYS via a crafted SMB TRANSACTION request (SMB command 0x25) addressed to the \MAILSLOT\LANMANA mailslot path, triggering Ring 0 memory corruption. Monitor for SMB Trans requests whose transaction name is a mailslot path.
- CVE-2006-1314 is distinct from CVE-2006-3439; both are RPC/SMB Server Service vulnerabilities in Microsoft Windows 2000 SP4, XP SP1/SP2, and Server 2003 SP1, but they are different code paths. Validate the MS06-035 patch separately from MS06-040.
CVSS provenance
- NVD · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
- VulnCheck · 7.5 HIGH
Source: GHSA
CVE-2006-3439 [HIGH] GHSA-6fx8-xxf2-xjj8 · ghsa_unreviewed · 2022-05-01 · CVSS 7.5
Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
Source: GHSA
CVE-2006-1314 [HIGH] GHSA-82jr-5c3r-3vqp · ghsa_unreviewed · 2022-05-01
Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.
Source: VulnCheck
CVE-2006-3439 [HIGH] Microsoft Windows Out-of-bounds Write · vulncheck · 2006 · CVSS 7.5
Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
Affected: Microsoft Windows
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=a9c54f79-d780-437b-a7f5-a74960e299d5&CommunityKey=8af7f28f-02f1-4107-8639-93a60b6546d4&tab=librarydocuments; https://www.welivesecurity.com/wp-content/uploads/2021/12/eset_ju
No detection rules found.
No writeups or analysis indexed.
References
- http://secunia.com/advisories/21007
- http://securityreason.com/securityalert/1212
- http://www.kb.cert.org/vuls/id/189140
- http://www.osvdb.org/27154
- http://www.securityfocus.com/archive/1/439773/100/0/threaded
- http://www.securityfocus.com/bid/18863
- http://www.tippingpoint.com/security/advisories/TSRT-06-02.html
- http://www.us-cert.gov/cas/techalerts/TA06-192A.html
- http://www.vupen.com/english/advisories/2006/2753
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-035
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26818
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A600