| ID |
CVE-2006-4691
|
| Summary |
Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 10.0 (as of 17-10-2018 - 21:39) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| oval
via4
|
| accepted | 2011-10-03T04:00:06.894-04:00 | | class | vulnerability | | contributors | | name | Robert L. Hollis | | organization | ThreatGuard, Inc. |
| name | Shane Shaffer | | organization | G2, Inc. |
| name | Pradeep R B | | organization | SecPod Technologies |
| | definition_extensions | | comment | Microsoft Windows 2000 SP4 or later is installed | | oval | oval:org.mitre.oval:def:229 |
| comment | Microsoft Windows XP SP2 or later is installed | | oval | oval:org.mitre.oval:def:521 |
| | description | Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname. | | family | windows | | id | oval:org.mitre.oval:def:607 | | status | accepted | | submitted | 2006-11-15T12:28:05 | | title | Workstation Service Memory Corruption Vulnerability | | version | 76 |
| accepted | 2007-02-20T13:41:01.806-05:00 | | class | vulnerability | | contributors | | name | Robert L. Hollis | | organization | ThreatGuard, Inc. |
| name | Todd Dolinsky | | organization | Opsware, Inc. |
| name | Pradeep R B | | organization | SecPod Technologies |
| | definition_extensions | | comment | Windows 2000 SP4 is installed | | oval | oval:org.mitre.oval:def:229 |
| comment | Windows XP, SP2 is installed | | oval | oval:org.mitre.oval:def:521 |
| | description | Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname. | | family | windows | | id | oval:org.mitre.oval:def:908 | | status | deprecated | | submitted | 2006-11-15T12:28:05 | | title | Microsoft Client Service for NetWare Memory Corruption Vulnerability | | version | 73 |
|
| refmap
via4
|
| bid | 20985 | | bugtraq | 20061114 EEYE: Workstation Service NetpManageIPCConnect Buffer Overflow | | cert | TA06-318A | | cert-vn | VU#778036 | | eeye | AD20061114 | | sectrack | 1017221 | | secunia | 22883 | | vupen | ADV-2006-4508 | | xf | win-workstation-service-bo(29948) |
|
| saint
via4
|
| bid | 20985 | | description | Windows Workstation service NetpManageIPCConnect buffer overflow | | id | win_patch_workstationrce | | osvdb | 30263 | | title | windows_workstation_ipcconnect | | type | remote |
|
| Last major update |
17-10-2018 - 21:39 |
| Published |
14-11-2006 - 21:07 |
| Last modified |
17-10-2018 - 21:39 |
