// For flags

CVE-2006-3880

Microsoft Windows XP/2000/2003 - Remote Denial of Service

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation.

** IMPUGNADO ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, y Windows Small Business Server 2003 permite a atacantes remotos provocar denegación de servicio (manipular la pila IP) a través de un flujo continuo de paquetes sobre el puerto TCP 135 que tiene una cabecera de validación (checksum) TCP erronea y números aleatorios en ciertos campos de cabeceras TCP, como se demostró con Achilles Windows Attack Tool. NOTA: el investigador indicaque Microsoft Security Response Center ha indicado que "Nuestra investigación que ha incluido la revisión de código, la revisión del TCPDump, e intentó reproducir el asunto en múltiples instalaciones frescas de varios sistemas operativos de Windows dieron como resultado la no confirmación".

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-07-24 First Exploit
  • 2006-07-26 CVE Reserved
  • 2006-07-27 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-11-15 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microsoft
Search vendor "Microsoft"
Windows 2000
Search vendor "Microsoft" for product "Windows 2000"
*-
Affected
Microsoft
Search vendor "Microsoft"
Windows 2000
Search vendor "Microsoft" for product "Windows 2000"
*sp1
Affected
Microsoft
Search vendor "Microsoft"
Windows 2000
Search vendor "Microsoft" for product "Windows 2000"
*sp2
Affected
Microsoft
Search vendor "Microsoft"
Windows 2000
Search vendor "Microsoft" for product "Windows 2000"
*sp3
Affected
Microsoft
Search vendor "Microsoft"
Windows 2000
Search vendor "Microsoft" for product "Windows 2000"
*sp4
Affected
Microsoft
Search vendor "Microsoft"
Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
datacenter_edition
Search vendor "Microsoft" for product "Windows 2003 Server" and version "datacenter_edition"
-
Affected
Microsoft
Search vendor "Microsoft"
Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
datacenter_edition
Search vendor "Microsoft" for product "Windows 2003 Server" and version "datacenter_edition"
sp1
Affected
Microsoft
Search vendor "Microsoft"
Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
datacenter_edition_64-bit
Search vendor "Microsoft" for product "Windows 2003 Server" and version "datacenter_edition_64-bit"
-
Affected
Microsoft
Search vendor "Microsoft"
Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
datacenter_edition_64-bit
Search vendor "Microsoft" for product "Windows 2003 Server" and version "datacenter_edition_64-bit"
sp1
Affected
Microsoft
Search vendor "Microsoft"
Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
enterprise_64-bit
Search vendor "Microsoft" for product "Windows 2003 Server" and version "enterprise_64-bit"
-
Affected
Microsoft
Search vendor "Microsoft"
Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
enterprise_edition
Search vendor "Microsoft" for product "Windows 2003 Server" and version "enterprise_edition"
sp1
Affected
Microsoft
Search vendor "Microsoft"
Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
enterprise_edition_64-bit
Search vendor "Microsoft" for product "Windows 2003 Server" and version "enterprise_edition_64-bit"
-
Affected
Microsoft
Search vendor "Microsoft"
Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
r2
Search vendor "Microsoft" for product "Windows 2003 Server" and version "r2"
datacenter_64-bit
Affected
Microsoft
Search vendor "Microsoft"
Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
sp1
Search vendor "Microsoft" for product "Windows 2003 Server" and version "sp1"
enterprise
Affected
Microsoft
Search vendor "Microsoft"
Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
standard
Search vendor "Microsoft" for product "Windows 2003 Server" and version "standard"
-
Affected
Microsoft
Search vendor "Microsoft"
Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
standard
Search vendor "Microsoft" for product "Windows 2003 Server" and version "standard"
sp1
Affected
Microsoft
Search vendor "Microsoft"
Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
standard_64-bit
Search vendor "Microsoft" for product "Windows 2003 Server" and version "standard_64-bit"
-
Affected
Microsoft
Search vendor "Microsoft"
Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
web
Search vendor "Microsoft" for product "Windows 2003 Server" and version "web"
-
Affected
Microsoft
Search vendor "Microsoft"
Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
web
Search vendor "Microsoft" for product "Windows 2003 Server" and version "web"
sp1
Affected
Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*64-bit
Affected
Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*embedded
Affected
Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*home
Affected
Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*media_center
Affected
Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*gold, professional
Affected
Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*sp1, 64-bit
Affected
Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*sp1, embedded
Affected
Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*sp1, home
Affected
Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*sp1, media_center
Affected
Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*sp2, home
Affected
Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*sp2, media_center
Affected
Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*sp2, tablet_pc
Affected