CVE-2006-3942 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-3942
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-3942

Description: The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research; the vulnerability is not associated with a mailslot.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/27999 ST 1016606 1017035 SAID Secunia Advisory: SA21276 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:428 OSVDB 27644 MS http://www.microsoft.com/technet/security/Bulletin/MS06-063.mspx MISC http://www.coresecurity.com/common/showdoc.php?idx=562&idxseccion=10 http://blogs.technet.com/msrc/archive/2006/07/28/443837.aspx http://www.milw0rm.com//exploits/2057 ISS http://xforce.iss.net/xforce/alerts/id/231 HP http://www.securityfocus.com/archive/1/archive/1/449179/100/0/threaded BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/443287/100/200/threaded BID 19215

Return to the previous page.