7.8
CVE-2006-3942
- EPSS 87.27%
- Published 31.07.2006 23:04:00
- Last modified 03.04.2025 01:03:51
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research; the vulnerability is not associated with a mailslot.
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Windows 2000 Updatesp4 Langfr
Microsoft ≫ Windows 2003 Server Version64-bit
Microsoft ≫ Windows 2003 Server Versionitanium
Microsoft ≫ Windows 2003 Server Versionr2
Microsoft ≫ Windows 2003 Server Versionsp1
Microsoft ≫ Windows 2003 Server Versionsp1 Editionitanium
Microsoft ≫ Windows Xp Edition64-bit
Microsoft ≫ Windows Xp Updatesp1 Editiontablet_pc
Microsoft ≫ Windows Xp Updatesp2 Editiontablet_pc
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 87.27% | 0.994 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.