CVEブラウザに戻る

CVE-2006-3441

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1970%

EPSS Percentile40.44th

Published2006年8月9日

Last Modified2026年4月16日

Vulnerability Description

Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.

Affected Platforms (CPE)

💻

Microsoft

Windows 2000

All versions

💻

Microsoft

Windows 2003 Server

= 64-bit

💻

Microsoft

Windows 2003 Server

= sp1

💻

Microsoft

Windows 2003 Server

= sp1

💻

Microsoft

Windows Xp

All versions

💻

Microsoft

Windows Xp

All versions

💻

Microsoft

Windows Xp

All versions

References & Advisories

🔗 http://secunia.com/advisories/21394

🔗 http://securitytracker.com/id?1016653

🔗 http://www.kb.cert.org/vuls/id/794580

🔗 http://www.osvdb.org/27844

🔗 http://www.securityfocus.com/bid/19404

🔗 http://www.us-cert.gov/cas/techalerts/TA06-220A.html

🔗 http://www.vupen.com/english/advisories/2006/3211

🔗 http://xforce.iss.net/xforce/alerts/id/233

関連する脆弱性情報

CVE-2000-103410.0

Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a ...

CVE-2000-006110.0

Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document h...

CVE-2000-022210.0

The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote ...

CVE-2000-107110.0

The GUI installation for iCal 2.1 Patch 2 disables access control for the X server using an "xhost +" command, which allows remote...