Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-4688Out-of-bounds Write in Microsoft Windows 2003 Server

5 documents4 sources
Severity
7.5HIGHNVD
EPSS
82.8%
top 0.75%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Windows 2003 Server
Timeline
PublishedNov 14
Latest updateMay 1

Description

Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

Patches

Patch: secunia.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-3cmw-hjwc-9rp2: Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execu2022-05-01
CVEList
CVE-2006-4688: Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execu2006-11-14

💥Exploits & PoCs

2
Exploit-DB
Microsoft Services - 'nwapi32.dll' (MS06-066) (Metasploit)2010-08-25
Exploit-DB
Microsoft Services - 'nwwks.dll' (MS06-066) (Metasploit)2010-05-09
CVE-2006-4688 — Out-of-bounds Write in Microsoft | cvebase