CVE-2006-2371

Sažetak

Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."

Reference

http://secunia.com/advisories/20630
http://securityreason.com/securityalert/1096
http://securitytracker.com/id?1016285
http://www.kb.cert.org/vuls/id/814644
http://www.osvdb.org/26436
http://www.securityfocus.com/archive/1/436977/100/0/threaded
http://www.securityfocus.com/bid/18358
http://www.us-cert.gov/cas/techalerts/TA06-164A.html
http://www.vupen.com/english/advisories/2006/2323
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-025
https://exchange.xforce.ibmcloud.com/vulnerabilities/26814
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1674
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1846
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1851
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1857
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1907
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1983

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

30-04-2019 - 14:27

Objavljeno

13-06-2006 - 19:06