{"api_version":"1","generated_at":"2026-04-23T08:39:27+00:00","cve":"CVE-2006-1314","urls":{"html":"https://cve.report/CVE-2006-1314","api":"https://cve.report/api/cve/CVE-2006-1314.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-1314","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-1314"},"summary":{"title":"CVE-2006-1314","description":"Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.","state":"PUBLISHED","assigner":"microsoft","published_at":"2006-07-11 21:05:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.securityfocus.com/archive/1/439773/100/0/threaded","name":"http://www.securityfocus.com/archive/1/439773/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/21007","name":"http://secunia.com/advisories/21007","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Microsoft Windows Server Service Two Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A600","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A600","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-035","name":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-035","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Microsoft Security Bulletin MS06-035 - Critical | Microsoft Docs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/18863","name":"http://www.securityfocus.com/bid/18863","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Microsoft Windows Server Driver Mailslot Remote Heap Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.osvdb.org/27154","name":"http://www.osvdb.org/27154","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.tippingpoint.com/security/advisories/TSRT-06-02.html","name":"http://www.tippingpoint.com/security/advisories/TSRT-06-02.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Intrusion Prevention IPS | TippingPoint, a division of 3Com | Published Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/2753","name":"http://www.vupen.com/english/advisories/2006/2753","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securityreason.com/securityalert/1212","name":"http://securityreason.com/securityalert/1212","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityReason - Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.us-cert.gov/cas/techalerts/TA06-192A.html","name":"http://www.us-cert.gov/cas/techalerts/TA06-192A.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"],"title":"US-CERT Technical Cyber Security Alert TA06-192A -- Microsoft Windows, Office, and IIS Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.kb.cert.org/vuls/id/189140","name":"http://www.kb.cert.org/vuls/id/189140","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"],"title":"US-CERT Vulnerability Note VU#189140","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/26818","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/26818","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-1314","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-1314","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"1314","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_2000","cpe6":"*","cpe7":"sp4","cpe8":"*","cpe9":"fr","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"1314","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_2003_server","cpe6":"64-bit","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"1314","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_2003_server","cpe6":"itanium","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"1314","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_2003_server","cpe6":"r2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"1314","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_2003_server","cpe6":"sp1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"1314","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_2003_server","cpe6":"sp1","cpe7":"*","cpe8":"itanium","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"1314","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_xp","cpe6":"*","cpe7":"*","cpe8":"64-bit","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"1314","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_xp","cpe6":"*","cpe7":"sp1","cpe8":"tablet_pc","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"1314","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_xp","cpe6":"*","cpe7":"sp2","cpe8":"tablet_pc","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2006","cve_id":"1314","cve":"CVE-2006-1314","epss":"0.758370000","percentile":"0.989140000","score_date":"2026-04-20","updated_at":"2026-04-21 00:07:48"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T17:03:29.000Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"VU#189140","tags":["third-party-advisory","x_refsource_CERT-VN","x_transferred"],"url":"http://www.kb.cert.org/vuls/id/189140"},{"name":"ADV-2006-2753","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2006/2753"},{"name":"win-mailslot-bo(26818)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/26818"},{"name":"27154","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/27154"},{"name":"21007","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/21007"},{"name":"1212","tags":["third-party-advisory","x_refsource_SREASON","x_transferred"],"url":"http://securityreason.com/securityalert/1212"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.tippingpoint.com/security/advisories/TSRT-06-02.html"},{"name":"oval:org.mitre.oval:def:600","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A600"},{"name":"18863","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/18863"},{"name":"20060711 TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/439773/100/0/threaded"},{"name":"MS06-035","tags":["vendor-advisory","x_refsource_MS","x_transferred"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-035"},{"name":"TA06-192A","tags":["third-party-advisory","x_refsource_CERT","x_transferred"],"url":"http://www.us-cert.gov/cas/techalerts/TA06-192A.html"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2006-07-11T00:00:00.000Z","descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-18T14:57:01.000Z","orgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","shortName":"microsoft"},"references":[{"name":"VU#189140","tags":["third-party-advisory","x_refsource_CERT-VN"],"url":"http://www.kb.cert.org/vuls/id/189140"},{"name":"ADV-2006-2753","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2006/2753"},{"name":"win-mailslot-bo(26818)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/26818"},{"name":"27154","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/27154"},{"name":"21007","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/21007"},{"name":"1212","tags":["third-party-advisory","x_refsource_SREASON"],"url":"http://securityreason.com/securityalert/1212"},{"tags":["x_refsource_MISC"],"url":"http://www.tippingpoint.com/security/advisories/TSRT-06-02.html"},{"name":"oval:org.mitre.oval:def:600","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A600"},{"name":"18863","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/18863"},{"name":"20060711 TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/439773/100/0/threaded"},{"name":"MS06-035","tags":["vendor-advisory","x_refsource_MS"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-035"},{"name":"TA06-192A","tags":["third-party-advisory","x_refsource_CERT"],"url":"http://www.us-cert.gov/cas/techalerts/TA06-192A.html"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2006-1314","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"VU#189140","refsource":"CERT-VN","url":"http://www.kb.cert.org/vuls/id/189140"},{"name":"ADV-2006-2753","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/2753"},{"name":"win-mailslot-bo(26818)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/26818"},{"name":"27154","refsource":"OSVDB","url":"http://www.osvdb.org/27154"},{"name":"21007","refsource":"SECUNIA","url":"http://secunia.com/advisories/21007"},{"name":"1212","refsource":"SREASON","url":"http://securityreason.com/securityalert/1212"},{"name":"http://www.tippingpoint.com/security/advisories/TSRT-06-02.html","refsource":"MISC","url":"http://www.tippingpoint.com/security/advisories/TSRT-06-02.html"},{"name":"oval:org.mitre.oval:def:600","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A600"},{"name":"18863","refsource":"BID","url":"http://www.securityfocus.com/bid/18863"},{"name":"20060711 TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/439773/100/0/threaded"},{"name":"MS06-035","refsource":"MS","url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-035"},{"name":"TA06-192A","refsource":"CERT","url":"http://www.us-cert.gov/cas/techalerts/TA06-192A.html"}]}}}},"cveMetadata":{"assignerOrgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","assignerShortName":"microsoft","cveId":"CVE-2006-1314","datePublished":"2006-07-11T21:00:00.000Z","dateReserved":"2006-03-20T00:00:00.000Z","dateUpdated":"2024-08-07T17:03:29.000Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2006-07-11 21:05:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":true,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*","matchCriteriaId":"330B6798-5380-44AD-9B52-DF5955FA832C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*","matchCriteriaId":"D2CA1674-A8A0-479A-9D80-344D3C563A24"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*","matchCriteriaId":"0808041A-CE1A-433A-9C2B-019097CCFB0C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*","matchCriteriaId":"4E7FD818-322D-4089-A644-360C33943D29"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*","matchCriteriaId":"644E2E89-F3E3-4383-B460-424D724EE62F"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*","matchCriteriaId":"7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*","matchCriteriaId":"91D6D065-A28D-49DA-B7F4-38421FF86498"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*","matchCriteriaId":"B9687E6C-EDE9-42E4-93D0-C4144FEC917A"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*","matchCriteriaId":"FB2BE2DE-7B06-47ED-A674-15D45448F357"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"1314","Ordinal":"1","Title":"CVE-2006-1314","CVE":"CVE-2006-1314","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"1314","Ordinal":"1","NoteData":"Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.","Type":"Description","Title":"CVE-2006-1314"},{"CveYear":"2006","CveId":"1314","Ordinal":"2","NoteData":"2006-07-11","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"1314","Ordinal":"3","NoteData":"2018-10-18","Type":"Other","Title":"Modified"}]}}}