CVE-2006-6296

Microsoft Windows 2000 SP4 and earlier - Denial of Service via RpcGetPrinterData Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6296. PoCs published by h07.

AI-analyzed exploit summary This exploit targets a memory allocation vulnerability in the Windows spoolss service via the GetPrinterData() function, causing a remote denial-of-service (DoS) by exhausting memory. It uses DCERPC to connect to the target and trigger the vulnerability by allocating a large memory buffer.

Description

The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.

Exploits (1)

exploitdb WORKING POC VERIFIED

by h07 · pythondoswindows

https://www.exploit-db.com/exploits/2879

View Code ZIP pw:eip

This exploit targets a memory allocation vulnerability in the Windows spoolss service via the GetPrinterData() function, causing a remote denial-of-service (DoS) by exhausting memory. It uses DCERPC to connect to the target and trigger the vulnerability by allocating a large memory buffer.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows spoolss service (tested on Windows 2000 SP4)

No auth needed

Prerequisites: Network access to the target's SMB port (445) · Vulnerable Windows spoolss service

MITRE ATT&CK