ID CVE-2006-0013
Summary Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2003_server:datacenter_64-bit:sp1
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise:-:64-bit
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise:sp1
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:sp1
  • cpe:2.3:o:microsoft:windows_2003_server:r2:-:64-bit
  • cpe:2.3:o:microsoft:windows_2003_server:r2:-:datacenter_64-bit
  • cpe:2.3:o:microsoft:windows_2003_server:r2:sp1
  • cpe:2.3:o:microsoft:windows_2003_server:standard:-:64-bit
  • cpe:2.3:o:microsoft:windows_2003_server:standard:sp1
  • cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit
  • cpe:2.3:o:microsoft:windows_2003_server:web
  • cpe:2.3:o:microsoft:windows_2003_server:web:sp1
  • cpe:2.3:o:microsoft:windows_xp:-:64-bit
  • cpe:2.3:o:microsoft:windows_xp:-:home
  • Microsoft Windows XP Professional Gold
    cpe:2.3:o:microsoft:windows_xp:-:gold:professional
  • Microsoft Windows XP Service Pack 1 Home Edition
    cpe:2.3:o:microsoft:windows_xp:-:sp1:home
  • Microsoft Windows XP Service Pack 2 Home Edition
    cpe:2.3:o:microsoft:windows_xp:-:sp2:home
CVSS
Base: 6.5 (as of 17-03-2006 - 13:33)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication SINGLE_INSTANCE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
nessus via4
  • NASL family Windows
    NASL id SMB_KB911927.NASL
    description The remote version of Windows contains a flaw in the Web Client service that may allow an attacker to execute arbitrary code on the remote host. To exploit this flaw, an attacker would need credentials to log into the remote host.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 20928
    published 2006-02-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20928
    title MS06-008: Vulnerability in Web Client Service Could Allow Remote Code Execution (911927) (uncredentialed check)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS06-008.NASL
    description The remote version of Windows contains a flaw in the Web Client service that could allow an attacker to execute arbitrary code on the remote host. To exploit this flaw, an attacker would need credentials to log into the remote host.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 20908
    published 2006-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20908
    title MS06-008: Vulnerability in Web Client Service Could Allow Remote Code Execution (911927)
oval via4
  • accepted 2011-05-16T04:00:34.977-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
    family windows
    id oval:org.mitre.oval:def:1220
    status accepted
    submitted 2006-02-17T07:36:00.000-04:00
    title WebClient Service Unchecked Buffer Remote Code Execution (Server 2003,SP1)
    version 67
  • accepted 2011-05-16T04:01:17.934-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
    family windows
    id oval:org.mitre.oval:def:1547
    status accepted
    submitted 2006-02-17T07:36:00.000-04:00
    title WebClient Service Unchecked Buffer Remote Code Execution (Server 2003)
    version 68
  • accepted 2011-05-16T04:01:25.079-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
    family windows
    id oval:org.mitre.oval:def:1602
    status accepted
    submitted 2006-02-17T07:36:00.000-04:00
    title WebClient Service Unchecked Buffer Remote Code Execution (XP,SP2)
    version 68
  • accepted 2011-05-16T04:03:21.399-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
    family windows
    id oval:org.mitre.oval:def:683
    status accepted
    submitted 2006-02-17T07:36:00.000-04:00
    title WebClient Service Unchecked Buffer Remote Code Execution (XP,SP1)
    version 67
  • accepted 2011-05-16T04:03:23.941-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
    family windows
    id oval:org.mitre.oval:def:716
    status accepted
    submitted 2006-02-17T07:36:00.000-04:00
    title WebClient Service Unchecked Buffer Remote Code Execution (64-bit XP,SP1)
    version 67
refmap via4
bid 16636
cert-vn VU#388900
ms MS06-008
sectrack 1015630
secunia 18857
vupen ADV-2006-0577
xf msrpc-webclient-message-bo(24491)
Last major update 07-03-2011 - 21:29
Published 14-02-2006 - 14:06
Last modified 12-10-2018 - 17:38