Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-6696: Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows 2003 Server

Severity: 6.9 MEDIUM (NVD)
EPSS: 4.3% (top 11.08%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Dec 22 | Latest update May 1

Description

Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.

CVSS vector

AV:L/AC:M/C:C/I:C/A:C
Exploitability: 3.4 | Impact: 10.0

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA | GHSA-fmp2-4wcx-jwx4: Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with | 2022-05-01
CVEList | CVE-2006-6696: Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with | 2006-12-22

💥 Exploits & PoCs (2)

Exploit-DB | Microsoft Windows - NtRaiseHardError 'Csrss.exe' Memory Disclosure | 2006-12-27
Exploit-DB | Microsoft Windows - 'MessageBox' Memory Corruption Local Denial of Service | 2006-12-20