ID CVE-2006-1314
Summary Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that trigger memory corruption and bypass size restrictions on second-class Mailslot messages.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:-:sp4:-:fr
  • cpe:2.3:o:microsoft:windows_2003_server:64-bit
  • cpe:2.3:o:microsoft:windows_2003_server:itanium
  • cpe:2.3:o:microsoft:windows_2003_server:r2
  • cpe:2.3:o:microsoft:windows_2003_server:sp1
  • cpe:2.3:o:microsoft:windows_2003_server:sp1:-:itanium
  • cpe:2.3:o:microsoft:windows_xp:-:64-bit
  • Microsoft windows xp_sp1 tablet_pc
    cpe:2.3:o:microsoft:windows_xp:-:sp1:tablet_pc
  • Microsoft windows xp_sp2 tablet_pc
    cpe:2.3:o:microsoft:windows_xp:-:sp2:tablet_pc
CVSS
Base: 7.5 (as of 12-07-2006 - 11:29)
Impact:
Exploitability:
Access
Vector NETWORK
Complexity LOW
Authentication NONE
Impact
Confidentiality PARTIAL
Integrity PARTIAL
Availability PARTIAL
exploit-db via4
description MS Windows Mailslot Ring0 Memory Corruption Exploit (MS06-035). CVE-2006-1314, CVE-2006-1315, CVE-2006-3942. DoS exploit for Windows platform
file exploits/windows/dos/2057.c
id EDB-ID:2057
last seen 2016-01-31
modified 2006-07-21
platform windows
port
published 2006-07-21
reporter cocoruder
source https://www.exploit-db.com/download/2057/
title Microsoft Windows - Mailslot Ring0 Memory Corruption Exploit MS06-035
type dos
nessus via4
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS06-035.NASL
    description The remote host is vulnerable to heap overflow in the 'Server' service that could allow an attacker to execute arbitrary code on the remote host with the 'System' privileges. In addition to this, the remote host is also vulnerable to an information disclosure attack in SMB that could allow an attacker to obtain portions of the memory of the remote host.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 22029
    published 2006-07-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22029
    title MS06-035: Vulnerability in Server Service Could Allow Remote Code Execution (917159)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS06-063.NASL
    description The remote host has a memory corruption vulnerability in the 'Server' service that could allow an attacker to perform a denial of service against the remote host.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 22536
    published 2006-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22536
    title MS06-063: Vulnerability in Server Service Could Allow Denial of Service (923414)
  • NASL family Windows
    NASL id SMB_KB917159.NASL
    description The remote host is vulnerable to heap overflow in the 'Server' service that may allow an attacker to execute arbitrary code on the remote host with 'SYSTEM' privileges. In addition to this, the remote host is also affected by an information disclosure vulnerability in SMB that may allow an attacker to obtain portions of the memory of the remote host.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 22034
    published 2006-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22034
    title MS06-035: Vulnerability in Server Service Could Allow Remote Code Execution (917159) (uncredentialed check)
oval via4
accepted 2011-05-09T04:01:37.674-04:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Windows XP SP1 (32-bit) is installed
    oval oval:org.mitre.oval:def:1
  • comment Microsoft Windows XP SP2 or later is installed
    oval oval:org.mitre.oval:def:521
  • comment Microsoft Windows XP SP1 (64-bit) is installed
    oval oval:org.mitre.oval:def:480
  • comment Microsoft Windows Server 2003 (x86) Gold is installed
    oval oval:org.mitre.oval:def:165
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
description Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that trigger memory corruption and bypass size restrictions on second-class Mailslot messages.
family windows
id oval:org.mitre.oval:def:600
status accepted
submitted 2006-07-25T12:05:33
title Mailslot Heap Overflow Vulnerability
version 40
refmap via4
bid 18863
bugtraq 20060711 TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability
cert TA06-192A
cert-vn VU#189140
misc http://www.tippingpoint.com/security/advisories/TSRT-06-02.html
ms MS06-035
osvdb 27154
secunia 21007
sreason 1212
vupen ADV-2006-2753
xf win-mailslot-bo(26818)
Last major update 07-03-2011 - 21:32
Published 11-07-2006 - 17:05
Last modified 18-10-2018 - 12:32