CVE-2006-2379

Microsoft Windows 2000 - Memory Corruption

Title source: rule

Description

Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Preddy · cdoswindows

https://www.exploit-db.com/exploits/1967

View Code ZIP pw:eip

References (18)

[Patch, Vendor Advisory] http://secunia.com/advisories/20639

[Patch, US Government Resource] http://www.kb.cert.org/vuls/id/722753

[Patch] http://www.securityfocus.com/bid/18374

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA06-164A.html

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-032

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/26834

[Various Sources] http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/46702

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/438482/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/438609/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.osvdb.org/26433

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1483

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1585

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1712

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1776

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1787

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2018

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1016290

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/2329

Scores

EPSS 0.7943

EPSS Percentile 99.1%

Details

CWE

CWE-119

Status published

Products (9)

microsoft/windows_2000 (5 CPE variants)

microsoft/windows_2003_server datacenter_64-bit sp1

microsoft/windows_2003_server enterprise (2 CPE variants)

microsoft/windows_2003_server enterprise_64-bit (2 CPE variants)

microsoft/windows_2003_server r2 (3 CPE variants)

microsoft/windows_2003_server standard (2 CPE variants)

microsoft/windows_2003_server standard_64-bit

microsoft/windows_2003_server web (2 CPE variants)

microsoft/windows_nt 4.0 (32 CPE variants)

Published Jun 13, 2006

Tracked Since Feb 18, 2026