CVE-2006-3441
Microsoft Windows - DNS Resolution Remote Denial of Service (PoC) (MS06-041)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.
Desbordamiento de búger en el servicio Client DNS en Microsoft Windows 2000 SP4, XP SP1 y SP2, y Server 2003 SP1 permite a un atacante remoto ejecutar código de su elección a través de respuestas de registro manipulada. NOTA: Mientras MS06-041 implica que hay un solo asunto, hay múltiples vulnerabilidades, relacionados con (1) desbordamiento de búfer basado en pila en un respuesta de servidor DNS al cliente, (2) un respuesta de servidor DNS con registros ATMA mal formados, y (3)un gran pérdida de cálculo en los registros TXT, HINFO, X25, e ISDN.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-07-07 CVE Reserved
- 2006-08-09 CVE Published
- 2006-12-09 First Exploit
- 2024-06-29 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (16)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/21394 | Third Party Advisory | |
| http://securitytracker.com/id?1016653 | Vdb Entry | |
| http://www.osvdb.org/27844 | Vdb Entry | |
| http://www.securityfocus.com/bid/19404 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2006/3211 | Vdb Entry | |
| http://xforce.iss.net/xforce/alerts/id/233 | Third Party Advisory | |
| http://xforce.iss.net/xforce/alerts/id/234 | Third Party Advisory | |
| http://xforce.iss.net/xforce/alerts/id/235 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24586 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28013 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28240 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A723 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/2900 | 2006-12-09 |
| URL | Date | SRC |
|---|---|---|
| http://www.kb.cert.org/vuls/id/794580 | 2018-10-12 | |
| http://www.us-cert.gov/cas/techalerts/TA06-220A.html | 2018-10-12 |
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-041 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp4, fr |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | 64-bit Search vendor "Microsoft" for product "Windows 2003 Server" and version "64-bit" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | sp1 Search vendor "Microsoft" for product "Windows 2003 Server" and version "sp1" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | sp1 Search vendor "Microsoft" for product "Windows 2003 Server" and version "sp1" | itanium |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | 64-bit |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp1, tablet_pc |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp2, tablet_pc |
Affected
| ||||||