CVE-2006-2372

Microsoft Dhcp Client Service - Memory Corruption

Title source: rule

Description

Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.

Exploits (1)

exploitdb WORKING POC VERIFIED

by redsand · textremotewindows

https://www.exploit-db.com/exploits/2054

View Code ZIP pw:eip

References (15)

[Third Party Advisory] http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0222.html

[Patch, Vendor Advisory] http://secunia.com/advisories/21010

[Patch] http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_Microsoft_Windows_DHCP_Client_Service_Remote_Buffer_Overflow.pdf

[US Government Resource] http://www.kb.cert.org/vuls/id/257164

[Third Party Advisory, VDB Entry] http://www.osvdb.org/27151

[Patch] http://www.securityfocus.com/bid/18923

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA06-192A.html

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-036

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/439675/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/444631/100/0/threaded

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/2054

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A232

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1016468

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/2754

[Third Party Advisory] http://securityreason.com/securityalert/1201

Scores

EPSS 0.8732

EPSS Percentile 99.5%

Details

CWE

CWE-119

Status published

Products (1)

microsoft/dhcp_client_service

Published Jul 11, 2006

Tracked Since Feb 18, 2026