CVE-2006-3441 (GCVE-0-2006-3441)
Vulnerability from cvelistv5
Published
2006-08-09 01:00
Modified
2024-08-07 18:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:33.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS06-041",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-041"
},
{
"name": "1016653",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016653"
},
{
"name": "win-dns-client-bo(28013)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28013"
},
{
"name": "20060808 Microsoft DNS Client Character String Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://xforce.iss.net/xforce/alerts/id/233"
},
{
"name": "20060808 Microsoft DNS Client Integer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://xforce.iss.net/xforce/alerts/id/235"
},
{
"name": "dns-data-string-bo(28240)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28240"
},
{
"name": "ADV-2006-3211",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3211"
},
{
"name": "VU#794580",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/794580"
},
{
"name": "21394",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21394"
},
{
"name": "oval:org.mitre.oval:def:723",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A723"
},
{
"name": "27844",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27844"
},
{
"name": "TA06-220A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "19404",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19404"
},
{
"name": "20060808 Microsoft DNS Client ATMA Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://xforce.iss.net/xforce/alerts/id/234"
},
{
"name": "dns-rrdatalen-underflow(24586)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24586"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS06-041",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-041"
},
{
"name": "1016653",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016653"
},
{
"name": "win-dns-client-bo(28013)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28013"
},
{
"name": "20060808 Microsoft DNS Client Character String Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://xforce.iss.net/xforce/alerts/id/233"
},
{
"name": "20060808 Microsoft DNS Client Integer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://xforce.iss.net/xforce/alerts/id/235"
},
{
"name": "dns-data-string-bo(28240)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28240"
},
{
"name": "ADV-2006-3211",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3211"
},
{
"name": "VU#794580",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/794580"
},
{
"name": "21394",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21394"
},
{
"name": "oval:org.mitre.oval:def:723",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A723"
},
{
"name": "27844",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27844"
},
{
"name": "TA06-220A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "19404",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19404"
},
{
"name": "20060808 Microsoft DNS Client ATMA Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://xforce.iss.net/xforce/alerts/id/234"
},
{
"name": "dns-rrdatalen-underflow(24586)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24586"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-3441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS06-041",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-041"
},
{
"name": "1016653",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016653"
},
{
"name": "win-dns-client-bo(28013)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28013"
},
{
"name": "20060808 Microsoft DNS Client Character String Buffer Overflow Vulnerability",
"refsource": "ISS",
"url": "http://xforce.iss.net/xforce/alerts/id/233"
},
{
"name": "20060808 Microsoft DNS Client Integer Overflow Vulnerability",
"refsource": "ISS",
"url": "http://xforce.iss.net/xforce/alerts/id/235"
},
{
"name": "dns-data-string-bo(28240)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28240"
},
{
"name": "ADV-2006-3211",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3211"
},
{
"name": "VU#794580",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/794580"
},
{
"name": "21394",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21394"
},
{
"name": "oval:org.mitre.oval:def:723",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A723"
},
{
"name": "27844",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27844"
},
{
"name": "TA06-220A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "19404",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19404"
},
{
"name": "20060808 Microsoft DNS Client ATMA Buffer Overflow Vulnerability",
"refsource": "ISS",
"url": "http://xforce.iss.net/xforce/alerts/id/234"
},
{
"name": "dns-rrdatalen-underflow(24586)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24586"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-3441",
"datePublished": "2006-08-09T01:00:00",
"dateReserved": "2006-07-07T00:00:00",
"dateUpdated": "2024-08-07T18:30:33.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2006-3441\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2006-08-09T01:04:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fager en el servicio Client DNS en Microsoft Windows 2000 SP4, XP SP1 y SP2, y Server 2003 SP1 permite a un atacante remoto ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de respuestas de registro manipulada. NOTA: Mientras MS06-041 implica que hay un solo asunto, hay m\u00faltiples vulnerabilidades, relacionados con (1) desbordamiento de b\u00fafer basado en pila en un respuesta de servidor DNS al cliente, (2) un respuesta de servidor DNS con registros ATMA mal formados, y (3)un gran p\u00e9rdida de c\u00e1lculo en los registros TXT, HINFO, X25, e ISDN.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*\",\"matchCriteriaId\":\"330B6798-5380-44AD-9B52-DF5955FA832C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2CA1674-A8A0-479A-9D80-344D3C563A24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"644E2E89-F3E3-4383-B460-424D724EE62F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*\",\"matchCriteriaId\":\"91D6D065-A28D-49DA-B7F4-38421FF86498\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*\",\"matchCriteriaId\":\"B9687E6C-EDE9-42E4-93D0-C4144FEC917A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*\",\"matchCriteriaId\":\"FB2BE2DE-7B06-47ED-A674-15D45448F357\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/21394\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://securitytracker.com/id?1016653\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.kb.cert.org/vuls/id/794580\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/27844\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/19404\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-220A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/3211\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://xforce.iss.net/xforce/alerts/id/233\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://xforce.iss.net/xforce/alerts/id/234\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://xforce.iss.net/xforce/alerts/id/235\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-041\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/24586\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/28013\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/28240\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A723\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/21394\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1016653\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/794580\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/27844\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/19404\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-220A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/3211\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://xforce.iss.net/xforce/alerts/id/233\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://xforce.iss.net/xforce/alerts/id/234\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://xforce.iss.net/xforce/alerts/id/235\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-041\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/24586\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/28013\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/28240\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A723\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…