CVE-2006-3440

Microsoft Windows 2000 SP4, XP SP1-SP2, Server 2003 SP1 - Remote Code Execution via Winsock Hostname Handling

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3440.

AI-analyzed exploit summary: This Python script implements a malicious DNS server that exploits CVE-2006-3440 by sending a crafted DNS response with a malformed TXT record, causing a denial-of-service (DoS) in Microsoft Windows DNS services (services.exe crash). The exploit requires the target to use the attacker's DNS server.

Description

Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."

Exploits (1)

exploitdb WORKING POC
python · dos · windows
https://www.exploit-db.com/exploits/2900

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows DNS Server (Windows 2000 SP0, SP1, and potentially SP4)
No auth needed
Prerequisites: Target must use the attacker's DNS server for resolution · Victim must query a crafted hostname
devstral-2 · analyzed Feb 19, 2026

References (8)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016653
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3211
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A747
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19319
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21394
Patch, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA06-220A.html
Patch, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/908276

Scores

EPSS 0.7364
EPSS Percentile 98.8%

Details

Status published
Products (4)
microsoft/windows_2000
microsoft/windows_2003_server 64-bit
microsoft/windows_2003_server sp1 (2 CPE variants)
microsoft/windows_xp (3 CPE variants)
Published Aug 09, 2006
Tracked Since Feb 18, 2026