Nexpose Vulnerability Database
Microsoft Server Service / CanonicalizePathName() Remote Code Execution Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| Critical (10) | 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Aug 8, 2006 | Aug 21, 2006 | Mar 17, 2009 |
Description:
Certain versions of Microsoft Windows are vulnerable to a remote buffer overflow that could compromise a target machine. A specially crafted packet could be used in a call to the NetPathCanonicalize RPC routine in the Server Service, allowing an attacker to execute code with SYSTEM-level access.
References:
- CVE: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3439
- MS: http://www.microsoft.com/technet/security/bulletin/MS06-040.mspx
- MSKB: http://support.microsoft.com/default.aspx?scid=kb;EN-US;921883
- SANS-06: http://www.sans.org/top20/2006/#w4
- SANS-07: http://www.sans.org/top20/2007/#s2
Solution:
- Microsoft Windows 2000 Professional, Microsoft Windows 2000 Datacenter Server, Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server
  Install Microsoft service pack Windows 2000 Service Pack 4. Download and apply the upgrade from: http://support.microsoft.com/sp
- Microsoft Windows 2000 Professional SP4, Microsoft Windows 2000 Datacenter Server SP4, Microsoft Windows 2000 Server SP4, Microsoft Windows 2000 Advanced Server SP4
  Download and install Microsoft patch Windows2000-KB921883-x86-ENU.EXE. Download and apply the patch from: http://download.microsoft.com/download/9/0/b/90b8dbba-09c1-4b27-b0c4-0cc13706823a/Windows2000-KB921883-x86-ENU.EXE
- Microsoft Windows XP Home Edition, Microsoft Windows XP Professional, Microsoft Windows XP Tablet PC Edition, Microsoft Windows XP Media Center Edition
  Install Microsoft service pack Windows XP Service Pack 1. Download and apply the upgrade from: http://support.microsoft.com/sp
- Microsoft Windows XP Home Edition SP1 OR SP2, Microsoft Windows XP Professional SP1 OR SP2
  Download and install Microsoft patch WindowsXP-KB921883-x86-ENU.EXE. Download and apply the patch from: http://download.microsoft.com/download/c/2/b/c2b41862-1113-4e40-a81a-d6971733e361/WindowsXP-KB921883-x86-ENU.exe
- Microsoft Windows Server 2003, Web Edition < SP1 OR SP1, Microsoft Windows Server 2003, Enterprise Edition < SP1 OR SP1, Microsoft Windows Server 2003, Datacenter Edition < SP1 OR SP1, Microsoft Windows Server 2003, Standard Edition < SP1 OR SP1, Microsoft Windows Small Business Server 2003 < SP1 OR SP1
  Download and install Microsoft patch WindowsServer2003-KB921883-x86-ENU.EXE. Download and apply the patch from: http://download.microsoft.com/download/6/e/e/6ee2a18d-b3a7-457a-af39-fb687fd6aa91/WindowsServer2003-KB921883-x86-ENU.exe
Information on these pages is summary information extracted from the Nexpose Vulnerability Assessment system. Full details are provided within the Nexpose product for licensed users.

