CVE-2006-2373
Summary
| CVE | CVE-2006-2373 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2006-06-13 19:06:00 UTC |
| Updated | 2019-03-26 19:17:00 UTC |
| Description | The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability." |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Microsoft | Windows 2000 | - | sp4 | All | All |
| Operating System | Microsoft | Windows 2000 | - | sp4 | All | All |
| Operating System | Microsoft | Windows Server 2003 | - | - | All | All |
| Operating System | Microsoft | Windows Server 2003 | - | sp1 | All | All |
| Operating System | Microsoft | Windows Server 2003 | - | sp1 | All | All |
| Operating System | Microsoft | Windows Server 2003 | - | - | All | All |
| Operating System | Microsoft | Windows Server 2003 | - | sp1 | All | All |
| Operating System | Microsoft | Windows Server 2003 | - | sp1 | All | All |
| Operating System | Microsoft | Windows Xp | - | - | All | All |
| Operating System | Microsoft | Windows Xp | - | sp1 | All | All |
| Operating System | Microsoft | Windows Xp | - | sp2 | All | All |
| Operating System | Microsoft | Windows Xp | - | - | All | All |
| Operating System | Microsoft | Windows Xp | - | sp1 | All | All |
| Operating System | Microsoft | Windows Xp | - | sp2 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Vendor Advisory |
| Microsoft Security Bulletin MS06-030 - Critical | Microsoft Docs | MS | docs.microsoft.com | Patch, Vendor Advisory |
| 26440 | OSVDB | www.osvdb.org | Broken Link |
| Secunia - Advisories - Windows SMB Denial of Service and Privilege Escalation | SECUNIA | secunia.com | Third Party Advisory |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | Third Party Advisory |
| Accenture | Let there be change | IDEFENSE | www.idefense.com | Third Party Advisory |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | Third Party Advisory |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | Third Party Advisory |
| Microsoft Windows SMB Driver Local Privilege Escalation Vulnerability | BID | www.securityfocus.com | Patch, Third Party Advisory, VDB Entry |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | Third Party Advisory, VDB Entry |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | Third Party Advisory |
| SecurityTracker.com Archives - Windows Server Message Block Processing Bugs Let Local Users Gain Elevated Privileges or Deny Service | SECTRACK | securitytracker.com | Third Party Advisory, VDB Entry |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | Third Party Advisory |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.