Executive Summary
Informations | |||
---|---|---|---|
Name | MS06-041 | First vendor Publication | N/A |
Vendor | Microsoft | Last vendor Modification | N/A |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:723 | |||
Oval ID: | oval:org.mitre.oval:def:723 | ||
Title: | DNS Client Buffer Overrun Vulnerability | ||
Description: | Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-3441 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:747 | |||
Oval ID: | oval:org.mitre.oval:def:747 | ||
Title: | Winsock Hostname Vulnerability | ||
Description: | Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-3440 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 | |
Os | 3 | |
Os | 3 |
ExploitDB Exploits
id | Description |
---|---|
2006-12-09 | MS Windows DNS Resolution - Remote Denial of Service PoC (MS06-041) |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
27844 | Microsoft Windows DNS Client Service Record Response Overflow |
27843 | Microsoft Windows Winsock API Hostname Remote Code Execution |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2006-08-11 | IAVM : 2006-B-0011 - Microsoft Windows Winsock and DNS Client Service Vulnerabilities (MS06-041) Severity : Category I - VMSKEY : V0012600 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Windows DNS client TXT buffer overrun attempt RuleID : 16030 - Revision : 9 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows DNS client ATMA buffer overrun attempt RuleID : 16029 - Revision : 11 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-08-08 | Name : Arbitrary code can be executed on the remote host due to a flaw in the DNS cl... File : smb_nt_ms06-041.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:45:26 |
|
2013-11-11 12:41:04 |
|