5.5

CVE-2006-2374

Exploit

EPSS 0.41%
Published 13.06.2006 19:06:00
Last modified 03.04.2025 01:03:51
Source secure@microsoft.com
Teams watchlist Login
Open Login

The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."

Affected products Warnungen 0 Metrics 3 CWE 1 References 17

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows 2000 Version- Updatesp4

Microsoft ≫ Windows 2003 Server Version-

Microsoft ≫ Windows 2003 Server Version- HwPlatformitanium

Microsoft ≫ Windows 2003 Server Version- HwPlatformx64

Microsoft ≫ Windows 2003 Server Version- Updatesp1

Microsoft ≫ Windows 2003 Server Version- Updatesp1 HwPlatformitanium

Microsoft ≫ Windows Xp Version- SwEditionprofessional HwPlatformx64

Microsoft ≫ Windows Xp Version- Updatesp1

Microsoft ≫ Windows Xp Version- Updatesp2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.41%	0.607

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:N/A:P

CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

http://secunia.com/advisories/20635

Third Party Advisory

Broken Link

http://securitytracker.com/id?1016288

Third Party Advisory

Broken Link

VDB Entry

http://www.vupen.com/english/advisories/2006/2327

Vendor Advisory

Broken Link

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-030

Patch

Vendor Advisory

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=409

Not Applicable

http://www.osvdb.org/26439

Broken Link

http://www.securityfocus.com/bid/18357

Patch

Third Party Advisory

Exploit

Broken Link

VDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/26830

Third Party Advisory

VDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1827

Third Party Advisory

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1841

Third Party Advisory

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1850

Third Party Advisory

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1979

Third Party Advisory

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2030

Third Party Advisory

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2060

Third Party Advisory

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2006-2374

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-2374

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-2374

EUVD