CVE-2006-3439 – Microsoft Server Service - NetpwPathCanonicalize Overflow (MS06-040)
https://notcve.org/view.php?id=CVE-2006-3439
Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314. • https://www.exploit-db.com/exploits/16367 https://www.exploit-db.com/exploits/2223 https://www.exploit-db.com/exploits/2265 https://www.exploit-db.com/exploits/2162 https://www.exploit-db.com/exploits/2355 http://secunia.com/advisories/21388 http://securitytracker.com/id?1016667 http://www.cisco.com/en/US/products/ps6120/tsd_products_security_response09186a008070c75a.html http://www.dhs.gov/dhspublic/display?content=5789 http://www.kb.cert.org/vuls/id/650769 http:/ •
CVE-2006-3942 – Microsoft Windows - Mailslot Ring0 Memory Corruption (MS06-035)
https://notcve.org/view.php?id=CVE-2006-3942
The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research; the vulnerability is not associated with a mailslot. • https://www.exploit-db.com/exploits/2057 http://blogs.technet.com/msrc/archive/2006/07/28/443837.aspx http://secunia.com/advisories/21276 http://securitytracker.com/id?1016606 http://securitytracker.com/id?1017035 http://www.coresecurity.com/common/showdoc.php?idx=562&idxseccion=10 http://www.osvdb.org/27644 http://www.securityfocus.com/archive/1/443287/100/200/threaded http://www.securityfocus.com/archive/1/449179/100/0/threaded http://www.securityfocus.com/bid/19215 • CWE-20: Improper Input Validation •
CVE-2006-1314 – Microsoft Windows - Mailslot Ring0 Memory Corruption (MS06-035)
https://notcve.org/view.php?id=CVE-2006-1314
Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that trigger memory corruption and bypass size restrictions on second-class Mailslot messages. • https://www.exploit-db.com/exploits/2057 http://secunia.com/advisories/21007 http://securityreason.com/securityalert/1212 http://www.kb.cert.org/vuls/id/189140 http://www.osvdb.org/27154 http://www.securityfocus.com/archive/1/439773/100/0/threaded http://www.securityfocus.com/bid/18863 http://www.tippingpoint.com/security/advisories/TSRT-06-02.html http://www.us-cert.gov/cas/techalerts/TA06-192A.html http://www.vupen.com/english/advisories/2006/2753 https:// •
CVE-2006-3351
https://notcve.org/view.php?id=CVE-2006-3351
Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2003 allows user-assisted attackers to cause a denial of service (repeated crash) and possibly execute arbitrary code via a .url file with an InternetShortcut tag containing a long URL and a large number of "file:" specifiers. • http://securityreason.com/securityalert/1186 http://www.securityfocus.com/archive/1/439153/100/0/threaded http://www.securityfocus.com/archive/1/439660/100/200/threaded http://www.securityfocus.com/bid/18838 https://exchange.xforce.ibmcloud.com/vulnerabilities/27567 •
CVE-2006-0008
https://notcve.org/view.php?id=CVE-2006-0008
The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box. • http://secunia.com/advisories/18859 http://securitytracker.com/id?1015631 http://www.kb.cert.org/vuls/id/739844 http://www.ryanstyle.com/alert/my/5/ms06_009_eng.html http://www.securityfocus.com/archive/1/425141/100/0/threaded http://www.securityfocus.com/bid/16643 http://www.vupen.com/english/advisories/2006/0578 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-009 https://exchange.xforce.ibmcloud.com/vulnerabilities/24492 https://oval.cisec • CWE-264: Permissions, Privileges, and Access Controls •