Microsoft » Windows Xp : Security Vulnerabilities, CVEs, Published In 2006 CVSS score >= 1
CVE-2006-5614
Public exploit
Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference.
Max CVSS
2.6
EPSS Score
97.07%
Published
2006-10-31
Updated
2017-10-19
CVE-2006-4691
Public exploit
Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
Max CVSS
10.0
EPSS Score
96.35%
Published
2006-11-14
Updated
2018-10-17
CVE-2006-4688
Public exploit
Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
Max CVSS
7.5
EPSS Score
96.70%
Published
2006-11-14
Updated
2018-10-17
CVE-2006-3942
Public exploit
The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research; the vulnerability is not associated with a mailslot.
Max CVSS
7.8
EPSS Score
97.00%
Published
2006-07-31
Updated
2018-10-17
CVE-2006-3439
Public exploit
Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
Max CVSS
10.0
EPSS Score
96.55%
Published
2006-08-09
Updated
2018-10-12
CVE-2006-2370
Public exploit
Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
Max CVSS
7.5
EPSS Score
92.56%
Published
2006-06-13
Updated
2019-04-30
6 vulnerabilities found