CVE-2006-1314
Summary
| CVE | CVE-2006-1314 |
|---|---|
| State | PUBLISHED |
| Assigner | microsoft |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2006-07-11 21:05:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that trigger memory corruption and bypass size restrictions on second-class Mailslot messages. |
Risk And Classification
Primary CVSS: v2.0 7.5 from [email protected]
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.758370000 probability, percentile 0.989140000 (date 2026-04-20)
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality | Partial |
| Integrity | Partial |
| Availability | Partial |
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Microsoft | Windows 2000 | All | sp4 | All | fr |
| Operating System | Microsoft | Windows 2003 Server | 64-bit | All | All | All |
| Operating System | Microsoft | Windows 2003 Server | itanium | All | All | All |
| Operating System | Microsoft | Windows 2003 Server | r2 | All | All | All |
| Operating System | Microsoft | Windows 2003 Server | sp1 | All | All | All |
| Operating System | Microsoft | Windows 2003 Server | sp1 | All | itanium | All |
| Operating System | Microsoft | Windows Xp | All | All | 64-bit | All |
| Operating System | Microsoft | Windows Xp | All | sp1 | tablet_pc | All |
| Operating System | Microsoft | Windows Xp | All | sp2 | tablet_pc | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Microsoft Windows Server Service Two Vulnerabilities - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | |
| Microsoft Security Bulletin MS06-035 - Critical \| Microsoft Docs | af854a3a-2127-422b-91ae-364da2661108 | docs.microsoft.com | |
| Microsoft Windows Server Driver Mailslot Remote Heap Buffer Overflow Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| www.osvdb.org/27154 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | |
| Intrusion Prevention IPS \| TippingPoint, a division of 3Com \| Published Advisories | af854a3a-2127-422b-91ae-364da2661108 | www.tippingpoint.com | Patch, Vendor Advisory |
| Webmail: Professional Email Solution - OVHcloud - OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | |
| SecurityReason - Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | securityreason.com | |
| US-CERT Technical Cyber Security Alert TA06-192A -- Microsoft Windows, Office, and IIS Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.us-cert.gov | US Government Resource |
| US-CERT Vulnerability Note VU#189140 | af854a3a-2127-422b-91ae-364da2661108 | www.kb.cert.org | US Government Resource |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.