Executive Summary

Informations
Name MS06-041 First vendor Publication N/A
Vendor Microsoft Last vendor Modification N/A
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:723
 
Oval ID: oval:org.mitre.oval:def:723
Title: DNS Client Buffer Overrun Vulnerability
Description: Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.
Family: windows Class: vulnerability
Reference(s): CVE-2006-3441
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:747
 
Oval ID: oval:org.mitre.oval:def:747
Title: Winsock Hostname Vulnerability
Description: Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2006-3440
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1
Os 3
Os 3

ExploitDB Exploits

id Description
2006-12-09 MS Windows DNS Resolution - Remote Denial of Service PoC (MS06-041)

Open Source Vulnerability Database (OSVDB)

Id Description
27844 Microsoft Windows DNS Client Service Record Response Overflow

27843 Microsoft Windows Winsock API Hostname Remote Code Execution

Information Assurance Vulnerability Management (IAVM)

Date Description
2006-08-11 IAVM : 2006-B-0011 - Microsoft Windows Winsock and DNS Client Service Vulnerabilities (MS06-041)
Severity : Category I - VMSKEY : V0012600

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Windows DNS client TXT buffer overrun attempt
RuleID : 16030 - Revision : 9 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows DNS client ATMA buffer overrun attempt
RuleID : 16029 - Revision : 11 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date Description
2006-08-08 Name : Arbitrary code can be executed on the remote host due to a flaw in the DNS cl...
File : smb_nt_ms06-041.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 11:45:26
  • Multiple Updates
2013-11-11 12:41:04
  • Multiple Updates