CVE-2006-4688

Microsoft Windows <SP1 - Buffer Overflow

Title source: llm

Description

Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16373

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16369

View Code ZIP pw:eip

metasploit WORKING POC GOOD

by pusscat · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/ms06_066_nwapi.rb

View Code ZIP pw:eip

metasploit WORKING POC GOOD

by pusscat · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/ms06_066_nwwks.rb

View Code ZIP pw:eip

References (9)

[Patch] http://secunia.com/advisories/22866

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA06-318A.html

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-066

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/29952

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A404

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/451844/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/21023

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1017224

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/4504

Scores

EPSS 0.8285

EPSS Percentile 99.3%

Details

Status published

Products (3)

microsoft/windows_2000

microsoft/windows_2003_server sp1

microsoft/windows_xp

Published Nov 14, 2006

Tracked Since Feb 18, 2026