CVE-2006-2370

Microsoft Windows 2000 - Buffer Overflow

Description

Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."

Exploits (6)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16375
exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16364
exploitdb WORKING POC VERIFIED
by Pusscat · remote · windows
https://www.exploit-db.com/exploits/1965
exploitdb WORKING POC VERIFIED
by H D Moore · remote · windows
https://www.exploit-db.com/exploits/1940
metasploit WORKING POC NORMAL
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/ms06_025_rras.rb
metasploit WORKING POC GOOD
by pusscat, hdm · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/ms06_025_rasmans_reg.rb

Scores

EPSS 0.8547
EPSS Percentile 99.4%

Details

Status published
Products (12)
microsoft/windows_2000 (5 CPE variants)
microsoft/windows_2003_server datacenter_edition (2 CPE variants)
microsoft/windows_2003_server datacenter_edition_64-bit (2 CPE variants)
microsoft/windows_2003_server enterprise_64-bit
microsoft/windows_2003_server enterprise_edition sp1
microsoft/windows_2003_server enterprise_edition_64-bit (2 CPE variants)
microsoft/windows_2003_server r2
microsoft/windows_2003_server sp1
microsoft/windows_2003_server standard (2 CPE variants)
microsoft/windows_2003_server standard_64-bit
... and 2 more
Published Jun 13, 2006
Tracked Since Feb 18, 2026