CVE-2006-4696 — Code Injection in Microsoft Windows 2003 Server

CWE-94 — Code Injection3 documents3 sources

Severity

9.0CRITICALNVD

EPSS

65.0%

top 1.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 2003 Server

Timeline

PublishedOct 10

Latest updateMay 1

Description

Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/windows_2003_serverr2, sp1+1

Patches

Patch: securitytracker.com ↗Patch: securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-466p-jwwq-gcjc: Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attac↗2022-05-01

▶

CVEList

CVE-2006-4696: Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attac↗2006-10-10

▶