CVE-2006-2379

Current Description

Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.

Basic Data

PublishedJune 13, 2006
Last ModifiedApril 30, 2019
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-119
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score9.3
SeverityHIGH
Exploitability Score8.6
Impact Score10.0
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSMicrosoftWindows 2000********
    2.3OSMicrosoftWindows 2000*sp1******
    2.3OSMicrosoftWindows 2000*sp2******
    2.3OSMicrosoftWindows 2000*sp3******
    2.3OSMicrosoftWindows 2000*sp4******
    2.3OSMicrosoftWindows 2003 Serverdatacenter_64-bitsp1******
    2.3OSMicrosoftWindows 2003 Serverenterprise*64-bit*****
    2.3OSMicrosoftWindows 2003 Serverenterprisesp1******
    2.3OSMicrosoftWindows 2003 Serverenterprise_64-bit*******
    2.3OSMicrosoftWindows 2003 Serverenterprise_64-bitsp1******
    2.3OSMicrosoftWindows 2003 Serverr2*64-bit*****
    2.3OSMicrosoftWindows 2003 Serverr2*datacenter_64-bit*****
    2.3OSMicrosoftWindows 2003 Serverr2sp1******
    2.3OSMicrosoftWindows 2003 Serverstandard*64-bit*****
    2.3OSMicrosoftWindows 2003 Serverstandardsp1******
    2.3OSMicrosoftWindows 2003 Serverstandard_64-bit*******
    2.3OSMicrosoftWindows 2003 Serverweb*******
    2.3OSMicrosoftWindows 2003 Serverwebsp1******
    2.3OSMicrosoftWindows Nt4.0*enterprise_server*****
    2.3OSMicrosoftWindows Nt4.0*server*****
    2.3OSMicrosoftWindows Nt4.0*terminal_server*****
    2.3OSMicrosoftWindows Nt4.0*workstation*****
    2.3OSMicrosoftWindows Nt4.0sp1enterprise_server*****
    2.3OSMicrosoftWindows Nt4.0sp1server*****
    2.3OSMicrosoftWindows Nt4.0sp1terminal_server*****
    2.3OSMicrosoftWindows Nt4.0sp1workstation*****
    2.3OSMicrosoftWindows Nt4.0sp2enterprise_server*****
    2.3OSMicrosoftWindows Nt4.0sp2server*****
    2.3OSMicrosoftWindows Nt4.0sp2terminal_server*****
    2.3OSMicrosoftWindows Nt4.0sp2workstation*****
    2.3OSMicrosoftWindows Nt4.0sp3enterprise_server*****
    2.3OSMicrosoftWindows Nt4.0sp3server*****
    2.3OSMicrosoftWindows Nt4.0sp3terminal_server*****
    2.3OSMicrosoftWindows Nt4.0sp3workstation*****
    2.3OSMicrosoftWindows Nt4.0sp4enterprise_server*****
    2.3OSMicrosoftWindows Nt4.0sp4server*****
    2.3OSMicrosoftWindows Nt4.0sp4terminal_server*****
    2.3OSMicrosoftWindows Nt4.0sp4workstation*****
    2.3OSMicrosoftWindows Nt4.0sp5enterprise_server*****
    2.3OSMicrosoftWindows Nt4.0sp5server*****
    2.3OSMicrosoftWindows Nt4.0sp5terminal_server*****
    2.3OSMicrosoftWindows Nt4.0sp5workstation*****
    2.3OSMicrosoftWindows Nt4.0sp6enterprise_server*****
    2.3OSMicrosoftWindows Nt4.0sp6server*****
    2.3OSMicrosoftWindows Nt4.0sp6terminal_server*****
    2.3OSMicrosoftWindows Nt4.0sp6workstation*****
    2.3OSMicrosoftWindows Nt4.0sp6aenterprise_server*****
    2.3OSMicrosoftWindows Nt4.0sp6aserver*****
    2.3OSMicrosoftWindows Nt4.0sp6aterminal_server*****
    2.3OSMicrosoftWindows Nt4.0sp6aworkstation*****
    2.3OSMicrosoftWindows Xp**64-bit*****
    2.3OSMicrosoftWindows Xp**home*****
    2.3OSMicrosoftWindows Xp**media_center*****
    2.3OSMicrosoftWindows Xp*goldprofessional*****
    2.3OSMicrosoftWindows Xp*sp1home*****
    2.3OSMicrosoftWindows Xp*sp1media_center*****
    2.3OSMicrosoftWindows Xp*sp2home*****
    2.3OSMicrosoftWindows Xp*sp2media_center*****
    2.3OSMicrosoftWindows Xp*sp2tablet_pc*****

Vulnerable Software List

VendorProductVersions
Microsoft Windows Xp *
Microsoft Windows 2000 *
Microsoft Windows 2003 Server datacenter_64-bit, enterprise, enterprise_64-bit, r2, standard, standard_64-bit, web
Microsoft Windows Nt 4.0

References

NameSourceURLTags
20639http://secunia.com/advisories/20639SECUNIAPATCH Vendor Advisory
1016290http://securitytracker.com/id?1016290SECTRACK
20060625 Is Windows TCP/IP source routing PoC code available?http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/46702FULLDISC
VU#722753http://www.kb.cert.org/vuls/id/722753CERT-VNPATCH US Government Resource
26433http://www.osvdb.org/26433OSVDB
20060627 Re: Is Windows TCP/IP source routing PoC code available?http://www.securityfocus.com/archive/1/438482/100/0/threadedBUGTRAQ
20060628 Re[2]: Is Windows TCP/IP source routing PoC code available?http://www.securityfocus.com/archive/1/438609/100/0/threadedBUGTRAQ
18374http://www.securityfocus.com/bid/18374BIDPATCH
TA06-164Ahttp://www.us-cert.gov/cas/techalerts/TA06-164A.htmlCERTUS Government Resource
ADV-2006-2329http://www.vupen.com/english/advisories/2006/2329VUPEN
MS06-032https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-032MS
win-tcp-ip-driver-bo(26834)https://exchange.xforce.ibmcloud.com/vulnerabilities/26834XF
oval:org.mitre.oval:def:1483https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1483OVAL
oval:org.mitre.oval:def:1585https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1585OVAL
oval:org.mitre.oval:def:1712https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1712OVAL
oval:org.mitre.oval:def:1776https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1776OVAL
oval:org.mitre.oval:def:1787https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1787OVAL
oval:org.mitre.oval:def:2018https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2018OVAL