Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
Published 2006-08-09 01:04:00
Updated 2025-04-03 01:03:51
View at NVD,   CVE.org
Vulnerability category: OverflowExecute code

Products affected by CVE-2006-3439

Exploit prediction scoring system (EPSS) score for CVE-2006-3439

88.85%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2006-3439

  • MS06-040 Microsoft Server Service NetpwPathCanonicalize Overflow
    Disclosure Date: 2006-08-08
    First seen: 2020-04-26
    exploit/windows/smb/ms06_040_netapi
    This module exploits a stack buffer overflow in the NetApi32 CanonicalizePathName() function using the NetpwPathCanonicalize RPC call in the Server Service. It is likely that other RPC calls could be used to exploit this service. This exploit will result in a denia

CVSS scores for CVE-2006-3439

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
10.0
HIGH AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
NIST
Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!