CVE-2006-3440

Microsoft Windows 2000 - Buffer Overflow

Title source: rule

Description

Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."

Exploits (1)

exploitdb WORKING POC

pythondoswindows

https://www.exploit-db.com/exploits/2900

View Code ZIP pw:eip

References (8)

[Patch, US Government Resource] http://www.kb.cert.org/vuls/id/908276

[Patch, US Government Resource] http://www.us-cert.gov/cas/techalerts/TA06-220A.html

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-041

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/19319

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A747

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1016653

[Third Party Advisory] http://secunia.com/advisories/21394

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/3211

Scores

EPSS 0.7250

EPSS Percentile 98.8%

Details

Status published

Products (4)

microsoft/windows_2000

microsoft/windows_2003_server 64-bit

microsoft/windows_2003_server sp1 (2 CPE variants)

microsoft/windows_xp (3 CPE variants)

Published Aug 09, 2006

Tracked Since Feb 18, 2026