Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-3439Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows 2003 Server

10 documents6 sources
Severity
10.0CRITICALNVD
CNA7.5VulnCheck7.5
EPSS
89.0%
top 0.47%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Windows 2003 Server
Timeline
PublishedAug 9
Latest updateMay 1

Description

Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

Patches

Patch: secunia.comPatch: www.kb.cert.orgPatch: www.us-cert.gov

🔴Vulnerability Details

3
GHSA
GHSA-6fx8-xxf2-xjj8: Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous2022-05-01
CVEList
CVE-2006-3439: Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous2006-08-09
VulnCheck
Microsoft Windows Out-of-bounds Write2006

💥Exploits & PoCs

5
Exploit-DB
Microsoft Server Service - NetpwPathCanonicalize Overflow (MS06-040) (Metasploit)2011-02-17
Exploit-DB
Microsoft Windows Server 2003 - NetpIsRemote() Remote Overflow (MS06-040) (Metasploit)2006-09-13
Exploit-DB
Microsoft Windows - NetpIsRemote() Remote Overflow (MS06-040) (2)2006-08-28
Exploit-DB
Microsoft Windows - CanonicalizePathName() Remote (MS06-040)2006-08-19
Exploit-DB
Microsoft Windows - NetpIsRemote() Remote Overflow (MS06-040) (Metasploit)2006-08-10
CVE-2006-3439 — Microsoft vulnerability | cvebase