7.5

CVE-2006-2371

Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 2000 Updatesp1
MicrosoftWindows 2000 Updatesp2
MicrosoftWindows 2000 Updatesp3
MicrosoftWindows 2000 Updatesp4
MicrosoftWindows 2003 Server Versiondatacenter_edition
MicrosoftWindows 2003 Server Versiondatacenter_edition Updatesp1
MicrosoftWindows 2003 Server Versiondatacenter_edition_64-bit
MicrosoftWindows 2003 Server Versiondatacenter_edition_64-bit Updatesp1
MicrosoftWindows 2003 Server Versionenterprise_64-bit
MicrosoftWindows 2003 Server Versionenterprise_edition Updatesp1
MicrosoftWindows 2003 Server Versionenterprise_edition_64-bit
MicrosoftWindows 2003 Server Versionenterprise_edition_64-bit Updatesp1
MicrosoftWindows 2003 Server Versionr2 Editiondatacenter_64-bit
MicrosoftWindows 2003 Server Versionsp1 Editionenterprise
MicrosoftWindows 2003 Server Versionstandard
MicrosoftWindows 2003 Server Versionstandard Updatesp1
MicrosoftWindows 2003 Server Versionstandard_64-bit
MicrosoftWindows 2003 Server Versionweb Updatesp1
MicrosoftWindows Xp Edition64-bit
MicrosoftWindows Xp Editionhome
MicrosoftWindows Xp Editionmedia_center
MicrosoftWindows Xp Updategold Editionprofessional
MicrosoftWindows Xp Updatesp1 Editionhome
MicrosoftWindows Xp Updatesp1 Editionmedia_center
MicrosoftWindows Xp Updatesp2 Editionhome
MicrosoftWindows Xp Updatesp2 Editionmedia_center
MicrosoftWindows Xp Updatesp2 Editiontablet_pc
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 21.94% 0.973
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.us-cert.gov/cas/techalerts/TA06-164A.html
US Government Resource
http://secunia.com/advisories/20630
Patch
Vendor Advisory
http://securitytracker.com/id?1016285
http://www.vupen.com/english/advisories/2006/2323
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-025
http://securityreason.com/securityalert/1096
http://www.kb.cert.org/vuls/id/814644
US Government Resource
http://www.osvdb.org/26436
http://www.securityfocus.com/archive/1/436977/100/0/threaded
http://www.securityfocus.com/bid/18358
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/26814
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1674
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1846
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1851
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1857
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1907
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1983