{"api_version":"1","generated_at":"2026-07-12T14:11:09+00:00","cve":"CVE-2006-2373","urls":{"html":"https://cve.report/CVE-2006-2373","api":"https://cve.report/api/cve/CVE-2006-2373.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-2373","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-2373"},"summary":{"title":"CVE-2006-2373","description":"The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the \"SMB Driver Elevation of Privilege Vulnerability.\"","state":"PUBLIC","assigner":"secure@microsoft.com","published_at":"2006-06-13 19:06:00","updated_at":"2019-03-26 19:17:00"},"problem_types":["CWE-264"],"metrics":[],"references":[{"url":"http://www.vupen.com/english/advisories/2006/2327","name":"ADV-2006-2327","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-030","name":"MS06-030","refsource":"MS","tags":["Patch","Vendor Advisory"],"title":"Microsoft Security Bulletin MS06-030 - Critical | Microsoft Docs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/26440","name":"26440","refsource":"OSVDB","tags":["Broken Link"],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://secunia.com/advisories/20635","name":"20635","refsource":"SECUNIA","tags":["Third Party Advisory"],"title":"Secunia - Advisories - Windows SMB Denial of Service and Privilege Escalation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1792","name":"oval:org.mitre.oval:def:1792","refsource":"OVAL","tags":["Third Party Advisory"],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.idefense.com/intelligence/vulnerabilities/display.php?id=408","name":"20060613 Windows MRXSMB.SYS MRxSmbCscIoctlOpenForCopyChunk Overflow","refsource":"IDEFENSE","tags":["Third Party Advisory"],"title":"Accenture | Let there be change","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1137","name":"oval:org.mitre.oval:def:1137","refsource":"OVAL","tags":["Third Party Advisory"],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1904","name":"oval:org.mitre.oval:def:1904","refsource":"OVAL","tags":["Third Party Advisory"],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/18356","name":"18356","refsource":"BID","tags":["Patch","Third Party Advisory","VDB Entry"],"title":"Microsoft Windows SMB Driver Local Privilege Escalation Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/26828","name":"win-smb-privilege-escalation(26828)","refsource":"XF","tags":["Third Party Advisory","VDB Entry"],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1730","name":"oval:org.mitre.oval:def:1730","refsource":"OVAL","tags":["Third Party Advisory"],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1016288","name":"1016288","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"SecurityTracker.com Archives - Windows Server Message Block Processing Bugs Let Local Users Gain Elevated Privileges or Deny Service","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2007","name":"oval:org.mitre.oval:def:2007","refsource":"OVAL","tags":["Third Party Advisory"],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1942","name":"oval:org.mitre.oval:def:1942","refsource":"OVAL","tags":["Third Party Advisory"],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-2373","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-2373","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"2373","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_2000","cpe6":"-","cpe7":"sp4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2373","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_2000","cpe6":"-","cpe7":"sp4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2373","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2003","cpe6":"-","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2373","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2003","cpe6":"-","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"itanium","cpe13":"*"},{"cve_year":"2006","cve_id":"2373","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2003","cpe6":"-","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"x86","cpe13":"*"},{"cve_year":"2006","cve_id":"2373","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2003","cpe6":"-","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2373","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2003","cpe6":"-","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"itanium","cpe13":"*"},{"cve_year":"2006","cve_id":"2373","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2003","cpe6":"-","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"x86","cpe13":"*"},{"cve_year":"2006","cve_id":"2373","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_xp","cpe6":"-","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"professional","cpe11":"*","cpe12":"x64","cpe13":"*"},{"cve_year":"2006","cve_id":"2373","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_xp","cpe6":"-","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2373","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_xp","cpe6":"-","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2373","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_xp","cpe6":"-","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"professional","cpe11":"*","cpe12":"x64","cpe13":"*"},{"cve_year":"2006","cve_id":"2373","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_xp","cpe6":"-","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2373","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_xp","cpe6":"-","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2006-2373","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the \"SMB Driver Elevation of Privilege Vulnerability.\""}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1016288","refsource":"SECTRACK","url":"http://securitytracker.com/id?1016288"},{"name":"oval:org.mitre.oval:def:1942","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1942"},{"name":"20060613 Windows MRXSMB.SYS MRxSmbCscIoctlOpenForCopyChunk Overflow","refsource":"IDEFENSE","url":"http://www.idefense.com/intelligence/vulnerabilities/display.php?id=408"},{"name":"oval:org.mitre.oval:def:1730","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1730"},{"name":"ADV-2006-2327","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/2327"},{"name":"oval:org.mitre.oval:def:1137","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1137"},{"name":"26440","refsource":"OSVDB","url":"http://www.osvdb.org/26440"},{"name":"18356","refsource":"BID","url":"http://www.securityfocus.com/bid/18356"},{"name":"MS06-030","refsource":"MS","url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-030"},{"name":"oval:org.mitre.oval:def:2007","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2007"},{"name":"oval:org.mitre.oval:def:1792","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1792"},{"name":"oval:org.mitre.oval:def:1904","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1904"},{"name":"20635","refsource":"SECUNIA","url":"http://secunia.com/advisories/20635"},{"name":"win-smb-privilege-escalation(26828)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/26828"}]}},"nvd":{"publishedDate":"2006-06-13 19:06:00","lastModifiedDate":"2019-03-26 19:17:00","problem_types":["CWE-264"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":10},"severity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:itanium:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:windows_server_2003:-:-:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:x86:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:windows_xp:-:-:*:*:professional:*:x64:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"2373","Ordinal":"17683","Title":"CVE-2006-2373","CVE":"CVE-2006-2373","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"2373","Ordinal":"1","NoteData":"The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the \"SMB Driver Elevation of Privilege Vulnerability.\"","Type":"Description","Title":null},{"CveYear":"2006","CveId":"2373","Ordinal":"2","NoteData":"2006-06-13","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"2373","Ordinal":"3","NoteData":"2018-10-12","Type":"Other","Title":"Modified"}]}}}