Executive Summary

Informations
Name CVE-2006-4691 First vendor Publication 2006-11-14
Vendor Cve Last vendor Modification 2018-10-17

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4691

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:607
 
Oval ID: oval:org.mitre.oval:def:607
Title: Workstation Service Memory Corruption Vulnerability
Description: Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
Family: windows Class: vulnerability
Reference(s): CVE-2006-4691
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:908
 
Oval ID: oval:org.mitre.oval:def:908
Title: Microsoft Client Service for NetWare Memory Corruption Vulnerability
Description: Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
Family: windows Class: vulnerability
Reference(s): CVE-2006-4691
Version: 2
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): Operating System
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1
Os 1

SAINT Exploits

Description Link
Windows Workstation service NetpManageIPCConnect buffer overflow More info here

ExploitDB Exploits

id Description
2010-10-05 Microsoft Workstation Service NetpManageIPCConnect Overflow
2006-11-18 MS Windows NetpManageIPCConnect Stack Overflow Exploit (py)
2006-11-17 MS Windows - Wkssvc NetrJoinDomain2 Stack Overflow Exploit (MS06-070)
2006-11-16 MS Windows - NetpManageIPCConnect Stack Overflow Exploit (MS06-070)

Open Source Vulnerability Database (OSVDB)

Id Description
30263 Microsoft Windows Workstation Service Crafted Message Remote Overflow

Information Assurance Vulnerability Management (IAVM)

Date Description
2006-11-17 IAVM : 2006-A-0054 - Microsoft Windows Workstation Service Remote Code Execution Vulnerability
Severity : Category I - VMSKEY : V0013115

Snort® IPS/IDS

Date Description
2014-01-10 DCERPC DIRECT wkssvc NetrJoinDomain2 object call overflow attempt
RuleID : 9128 - Revision : 5 - Type : NETBIOS
2014-01-10 DCERPC DIRECT wkssvc NetrJoinDomain2 little endian object call overflow attempt
RuleID : 9127 - Revision : 5 - Type : NETBIOS
2014-01-10 DCERPC DIRECT wkssvc NetrJoinDomain2 overflow attempt
RuleID : 9126 - Revision : 5 - Type : NETBIOS
2014-01-10 DCERPC DIRECT wkssvc NetrJoinDomain2 little endian overflow attempt
RuleID : 9125 - Revision : 5 - Type : NETBIOS
2014-01-10 DCERPC DIRECT v4 wkssvc NetrJoinDomain2 overflow attempt
RuleID : 9124 - Revision : 5 - Type : NETBIOS
2014-01-10 DCERPC DIRECT v4 wkssvc NetrJoinDomain2 little endian overflow attempt
RuleID : 9123 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 unicode little endian andx object call overflow at...
RuleID : 9122 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 WriteAndX andx object call overflow attempt
RuleID : 9121 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 WriteAndX andx object call overflow attempt
RuleID : 9120 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 WriteAndX unicode andx object call overflow attempt
RuleID : 9119 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 WriteAndX unicode andx object call overflow att...
RuleID : 9118 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 little endian andx object call overflow attempt
RuleID : 9117 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 unicode little endian andx object call overflow...
RuleID : 9116 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 unicode andx object call overflow attempt
RuleID : 9115 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 andx object call overflow attempt
RuleID : 9114 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 WriteAndX unicode little endian andx object call o...
RuleID : 9113 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 WriteAndX little endian andx overflow attempt
RuleID : 9112 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 little endian andx overflow attempt
RuleID : 9111 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB v4 wkssvc NetrJoinDomain2 WriteAndX unicode little endian andx overflow a...
RuleID : 9110 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 unicode andx overflow attempt
RuleID : 9109 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS v4 wkssvc NetrJoinDomain2 little endian andx overflow attempt
RuleID : 9108 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS v4 wkssvc NetrJoinDomain2 WriteAndX little endian andx overflow attempt
RuleID : 9107 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS v4 wkssvc NetrJoinDomain2 WriteAndX unicode little endian andx overflo...
RuleID : 9106 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB v4 wkssvc NetrJoinDomain2 unicode little endian andx overflow attempt
RuleID : 9105 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB v4 wkssvc NetrJoinDomain2 andx overflow attempt
RuleID : 9104 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS v4 wkssvc NetrJoinDomain2 WriteAndX andx overflow attempt
RuleID : 9103 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB v4 wkssvc NetrJoinDomain2 WriteAndX andx overflow attempt
RuleID : 9102 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS v4 wkssvc NetrJoinDomain2 andx overflow attempt
RuleID : 9101 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB v4 wkssvc NetrJoinDomain2 little endian andx overflow attempt
RuleID : 9100 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS v4 wkssvc NetrJoinDomain2 WriteAndX unicode andx overflow attempt
RuleID : 9099 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB v4 wkssvc NetrJoinDomain2 WriteAndX little endian andx overflow attempt
RuleID : 9098 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 unicode little endian andx overflow attempt
RuleID : 9097 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 andx overflow attempt
RuleID : 9096 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 WriteAndX andx overflow attempt
RuleID : 9095 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 WriteAndX unicode andx overflow attempt
RuleID : 9094 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 WriteAndX unicode andx overflow attempt
RuleID : 9093 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 unicode little endian andx overflow attempt
RuleID : 9092 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 little endian andx overflow attempt
RuleID : 9091 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 WriteAndX little endian andx overflow attempt
RuleID : 9090 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 unicode andx overflow attempt
RuleID : 9089 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS v4 wkssvc NetrJoinDomain2 unicode andx overflow attempt
RuleID : 9088 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB v4 wkssvc NetrJoinDomain2 unicode andx overflow attempt
RuleID : 9087 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS v4 wkssvc NetrJoinDomain2 unicode little endian andx overflow attempt
RuleID : 9086 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 WriteAndX little endian andx object call overflow ...
RuleID : 9085 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 WriteAndX unicode little endian andx overflow a...
RuleID : 9084 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB v4 wkssvc NetrJoinDomain2 WriteAndX unicode andx overflow attempt
RuleID : 9083 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 andx object call overflow attempt
RuleID : 9082 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 WriteAndX unicode little endian andx overflow attempt
RuleID : 9081 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 WriteAndX little endian andx object call overfl...
RuleID : 9080 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 little endian andx object call overflow attempt
RuleID : 9079 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 WriteAndX unicode little endian andx object cal...
RuleID : 9078 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 unicode andx object call overflow attempt
RuleID : 9077 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 WriteAndX andx overflow attempt
RuleID : 9076 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 andx overflow attempt
RuleID : 9075 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 unicode little endian object call overflow attempt
RuleID : 9074 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 WriteAndX object call overflow attempt
RuleID : 9073 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 WriteAndX object call overflow attempt
RuleID : 9072 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 WriteAndX unicode object call overflow attempt
RuleID : 9071 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 WriteAndX unicode object call overflow attempt
RuleID : 9070 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 little endian object call overflow attempt
RuleID : 9069 - Revision : 7 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 unicode little endian object call overflow attempt
RuleID : 9068 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 unicode object call overflow attempt
RuleID : 9067 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 object call overflow attempt
RuleID : 9066 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 WriteAndX unicode little endian object call overfl...
RuleID : 9065 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 WriteAndX little endian overflow attempt
RuleID : 9064 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 little endian overflow attempt
RuleID : 9063 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB v4 wkssvc NetrJoinDomain2 WriteAndX unicode little endian overflow attempt
RuleID : 9062 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 unicode overflow attempt
RuleID : 9061 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS v4 wkssvc NetrJoinDomain2 little endian overflow attempt
RuleID : 9060 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS v4 wkssvc NetrJoinDomain2 WriteAndX little endian overflow attempt
RuleID : 9059 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS v4 wkssvc NetrJoinDomain2 WriteAndX unicode little endian overflow att...
RuleID : 9058 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB v4 wkssvc NetrJoinDomain2 unicode little endian overflow attempt
RuleID : 9057 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB v4 wkssvc NetrJoinDomain2 overflow attempt
RuleID : 9056 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS v4 wkssvc NetrJoinDomain2 WriteAndX overflow attempt
RuleID : 9055 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB v4 wkssvc NetrJoinDomain2 WriteAndX overflow attempt
RuleID : 9054 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS v4 wkssvc NetrJoinDomain2 overflow attempt
RuleID : 9053 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB v4 wkssvc NetrJoinDomain2 little endian overflow attempt
RuleID : 9052 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS v4 wkssvc NetrJoinDomain2 WriteAndX unicode overflow attempt
RuleID : 9051 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB v4 wkssvc NetrJoinDomain2 WriteAndX little endian overflow attempt
RuleID : 9050 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 unicode little endian overflow attempt
RuleID : 9049 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 overflow attempt
RuleID : 9048 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 WriteAndX overflow attempt
RuleID : 9047 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 WriteAndX unicode overflow attempt
RuleID : 9046 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 WriteAndX unicode overflow attempt
RuleID : 9045 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 unicode little endian overflow attempt
RuleID : 9044 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 little endian overflow attempt
RuleID : 9043 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 WriteAndX little endian overflow attempt
RuleID : 9042 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 unicode overflow attempt
RuleID : 9041 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS v4 wkssvc NetrJoinDomain2 unicode overflow attempt
RuleID : 9040 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB v4 wkssvc NetrJoinDomain2 unicode overflow attempt
RuleID : 9039 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS v4 wkssvc NetrJoinDomain2 unicode little endian overflow attempt
RuleID : 9038 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 WriteAndX little endian object call overflow attempt
RuleID : 9037 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 WriteAndX unicode little endian overflow attempt
RuleID : 9036 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB v4 wkssvc NetrJoinDomain2 WriteAndX unicode overflow attempt
RuleID : 9035 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 object call overflow attempt
RuleID : 9034 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB wkssvc NetrJoinDomain2 WriteAndX unicode little endian overflow attempt
RuleID : 9033 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 WriteAndX little endian object call overflow at...
RuleID : 9032 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 little endian object call overflow attempt
RuleID : 9031 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 WriteAndX unicode little endian object call ove...
RuleID : 9030 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 unicode object call overflow attempt
RuleID : 9029 - Revision : 8 - Type : NETBIOS
2014-01-10 SMB-DS wkssvc NetrJoinDomain2 WriteAndX overflow attempt
RuleID : 9028 - Revision : 8 - Type : NETBIOS
2014-01-10 DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt
RuleID : 9027 - Revision : 18 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date Description
2006-11-14 Name : Arbitrary code can be executed on the remote host due to a flaw in the 'works...
File : smb_nt_ms06-070.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/20985
BUGTRAQ http://www.securityfocus.com/archive/1/451588/100/0/threaded
CERT http://www.us-cert.gov/cas/techalerts/TA06-318A.html
CERT-VN http://www.kb.cert.org/vuls/id/778036
EEYE http://research.eeye.com/html/advisories/published/AD20061114.html
MS https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06...
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SECTRACK http://securitytracker.com/id?1017221
SECUNIA http://secunia.com/advisories/22883
VUPEN http://www.vupen.com/english/advisories/2006/4508
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/29948

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
Date Informations
2021-05-04 12:04:34
  • Multiple Updates
2021-04-22 01:05:13
  • Multiple Updates
2020-05-23 13:16:47
  • Multiple Updates
2020-05-23 00:18:22
  • Multiple Updates
2018-10-18 00:19:41
  • Multiple Updates
2018-10-13 00:22:35
  • Multiple Updates
2017-10-11 09:23:45
  • Multiple Updates
2017-07-20 09:23:53
  • Multiple Updates
2016-04-26 15:04:01
  • Multiple Updates
2014-02-17 10:37:15
  • Multiple Updates
2014-01-19 21:23:32
  • Multiple Updates
2013-11-11 12:37:37
  • Multiple Updates
2013-05-11 11:09:11
  • Multiple Updates