7.5
CVSSv2

CVE-2006-2370

Published: 13/06/2006 Updated: 30/04/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 785
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and previous versions allows remote unauthenticated or authenticated malicious users to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows 2003 server enterprise edition 64-bit

microsoft windows 2003 server datacenter edition 64-bit

microsoft windows 2003 server standard

microsoft windows xp

microsoft windows 2003 server web

microsoft windows 2003 server enterprise 64-bit

microsoft windows 2000

microsoft windows 2003 server standard 64-bit

microsoft windows 2003 server r2

microsoft windows 2003 server sp1

microsoft windows 2003 server enterprise edition

microsoft windows 2003 server datacenter edition

Exploits

## # $Id: ms06_025_rasmans_regrb 10150 2010-08-25 20:55:37Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' ...
## # $Id: ms06_025_rrasrb 9262 2010-05-09 17:45:00Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class Me ...
## # This file is part of the Metasploit Framework and may be redistributed # according to the licenses defined in the Authors field below In the # case of an unknown or missing license, this file defaults to the same # license as the core Framework (dual GPLv2 and Artistic) The latest # version of the Framework can always be obtained from metasp ...
## # This file is part of the Metasploit Framework and may be redistributed # according to the licenses defined in the Authors field below In the # case of an unknown or missing license, this file defaults to the same # license as the core Framework (dual GPLv2 and Artistic) The latest # version of the Framework can always be obtained from metasp ...

Nmap Scripts

smb-vuln-ms06-025

Detects Microsoft Windows systems with Ras RPC service vulnerable to MS06-025.

nmap --script smb-vuln-ms06-025.nse -p445 <host>
nmap -sU --script smb-vuln-ms06-025.nse -p U:137,T:139 <host>

| smb-vuln-ms06-025: | VULNERABLE: | RRAS Memory Corruption vulnerability (MS06-025) | State: VULNERABLE | IDs: CVE:CVE-2006-2370 | A buffer overflow vulnerability in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 | and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to | execute arbitrary code via certain crafted "RPC related requests" aka the "RRAS Memory Corruption Vulnerability." | | Disclosure date: 2006-6-27 | References: | https://technet.microsoft.com/en-us/library/security/ms06-025.aspx |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2370