Back to CVE Browser

CVE-2006-6385

HIGH

7.2

CVSS Severity Score

EPSS Score0.0770%

EPSS Percentile4.17th

PublishedDec 8, 2006

Last ModifiedApr 23, 2026

Vulnerability Description

Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and PRO/10GbE PCI, PCI-X, and PCIe network adapter drivers (aka NDIS miniport drivers) before 20061205 allows local users to execute arbitrary code with "kernel-level" privileges via an incorrect function call in certain OID handlers.

Affected Platforms (CPE)

🔌

Intel

Pro 10 100 Adapters

<= 3.5.14

🔌

Intel

Pro 10 100 Adapters

<= 4.0.3

🔌

Intel

Pro 10 100 Adapters

<= 8.0.27.0

🔌

Intel

Pro 1000 Adapters

<= 7.2.7

🔌

Intel

Pro 1000 Adapters

<= 8.7.1.0

🔌

Intel

Pro 1000 Adapters

<= 9.0.15

🔌

Intel

Pro 1000 Pcie Adapters

<= 9.1.30.0

🔌

Intel

Pro 10gbe Adapters

<= 1.0.109

References & Advisories

🔗 http://lists.freebsd.org/pipermail/freebsd-security/2006-December/004186.html

🔗 http://research.eeye.com/html/advisories/published/AD20061207.html

🔗 http://research.eeye.com/html/advisories/upcoming/20060710.html

🔗 http://secunia.com/advisories/23221

🔗 http://securityreason.com/securityalert/2007

🔗 http://securitytracker.com/id?1017346

🔗 http://www.fujitsu.com/global/support/software/security/products-f/primergy-200701e.html

🔗 http://www.intel.com/support/network/sb/CS-023726.htm

Related Vulnerabilities

CVE-2006-138110.0

Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local use...

CVE-2006-136810.0

Buffer overflow in the USB Gadget RNDIS implementation in the Linux kernel before 2.6.16 allows remote attackers to cause a denial...

CVE-2006-099210.0

Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary co...

CVE-2006-160410.0

Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has unknown impact and remote attack vectors related to variables tha...