CVE-2006-2370

critical

Description

Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2061

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1936

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1823

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1741

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1720

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1587

https://exchange.xforce.ibmcloud.com/vulnerabilities/26812

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-025

http://www.vupen.com/english/advisories/2006/2323

http://www.us-cert.gov/cas/techalerts/TA06-164A.html

http://www.securityfocus.com/bid/18325

http://www.osvdb.org/26437

http://www.kb.cert.org/vuls/id/631516

http://securitytracker.com/id?1016285

http://secunia.com/advisories/20630

Details

Source: Mitre, NVD

Published: 2006-06-13

Updated: 2019-04-30

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical