Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.9
CVSSv2

CVE-2006-6696

Published: 22/12/2006 Updated: 30/04/2019
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
VMScore: 700
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Windows 2000

Vulnerability Summary

Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows 2000

microsoft windows 2003 server datacenter_edition

microsoft windows 2003 server standard

microsoft windows 2003 server web

microsoft windows xp

microsoft windows 2003 server enterprise_edition

microsoft windows 2003 server sp1

microsoft windows vista

Exploits

Exploit DB: Microsoft Windows - NtRaiseHardError 'Csrss.exe' Memory Disclosure
///////////////////////////////////////// ///////////////////////////////////////// ///// Microsoft Windows NtRaiseHardError ///// Csrssexe memory disclosure ///////////////////////////////////////// ///// Ruben Santamarta ///// ruben at reversemode dot com ///// wwwreversemodecom ///////////////////////////////////////// ///// 12272006 ...
Exploit DB: Microsoft Windows - 'MessageBox' Memory Corruption Local Denial of Service
// mboxcs using System; using SystemRuntimeInteropServices; class HelloWorldFromMicrosoft { [DllImport("user32dll")] unsafe public static extern int MessageBoxA(uint hwnd, byte* lpText, byte* lpCaption, uint uType); static unsafe void Main() { byte[] helloBug = new byte[] {0x5C, 0x3F, 0x3F, 0x5C, 0x21, 0x21, 0x21, 0x00}; uint MB_SERV ...

References

CWE-119http://www.securityfocus.com/bid/21688http://www.determina.com/security.research/vulnerabilities/csrss-harderror.htmlhttp://www.security.nnov.ru/files/messagebox.chttp://blogs.technet.com/msrc/archive/2006/12/22/new-report-of-a-windows-vulnerability.aspxhttp://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051394.htmlhttp://www.security.nnov.ru/Gnews944.htmlhttp://groups.google.ca/group/microsoft.public.win32.programmer.kernel/browse_thread/thread/c5946bf40f227058/7bd7b5d66a4e5affhttp://www.kuban.ru/forum_new/forum2/files/19124.htmlhttp://isc.sans.org/diary.php?n&storyid=1965http://research.eeye.com/html/alerts/zeroday/20061215.htmlhttp://securitytracker.com/id?1017433http://secunia.com/advisories/23448http://www.securityfocus.com/bid/23324http://www.vupen.com/english/advisories/2006/5120http://www.vupen.com/english/advisories/2007/1325https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1816https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021http://www.securityfocus.com/archive/1/466331/100/200/threadedhttp://www.securityfocus.com/archive/1/455546/100/0/threadedhttp://www.securityfocus.com/archive/1/455158/100/0/threadedhttp://www.securityfocus.com/archive/1/455104/100/0/threadedhttp://www.securityfocus.com/archive/1/455088/100/0/threadedhttp://www.securityfocus.com/archive/1/455061/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/3024/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook