Vulnerability Details : CVE-2006-4688
Public exploit exists!
Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
Vulnerability category: OverflowMemory CorruptionExecute code
Products affected by CVE-2006-4688
- cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-4688
96.68%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2006-4688
-
MS06-066 Microsoft Services nwwks.dll Module Exploit
Disclosure Date: 2006-11-14First seen: 2020-04-26exploit/windows/smb/ms06_066_nwwksThis module exploits a stack buffer overflow in the svchost service, when the netware client service is running. This specific vulnerability is in the nwapi32.dll module. Authors: - pusscat <pusscat@metasploit.com> -
MS06-066 Microsoft Services nwapi32.dll Module Exploit
Disclosure Date: 2006-11-14First seen: 2020-04-26exploit/windows/smb/ms06_066_nwapiThis module exploits a stack buffer overflow in the svchost service when the netware client service is running. This specific vulnerability is in the nwapi32.dll module. Authors: - pusscat <pusscat@metasploit.com>
CVSS scores for CVE-2006-4688
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2006-4688
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/29952
-
http://www.us-cert.gov/cas/techalerts/TA06-318A.html
US Government Resource
-
http://securitytracker.com/id?1017224
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-066
-
http://www.vupen.com/english/advisories/2006/4504
-
http://www.securityfocus.com/bid/21023
Microsoft Windows Client Service For Netware Remote Code Execution Vulnerability
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A404
-
http://www.securityfocus.com/archive/1/451844/100/0/threaded
Jump to