CERT VU:388900
Feb 14, 2006 - 12:00 a.m.

Microsoft Web Client Service vulnerable to buffer overflow

2006-02-14 00:00:00
www.kb.cert.org

CVSS2: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.94 High
Percentile: 99.2%

Overview

A buffer overflow in the message handling routines of the Microsoft Web Client Service may allow a remote, authenticated attacker to execute arbitrary code on a vulnerable system.

Description

According to Microsoft, the Web Client Service:

_allows applications to access documents on the Internet. Web Client extends the networking capability of Windows by allowing standard Win32 applications to create, read, and write files on Internet file servers by using the WebDAV protocol. The WebDAV protocol is a file-access protocol that is described in XML and that travels over the Hypertext Transfer Protocol (HTTP). By using standard HTTP, WebDAV runs over the existing Internet infrastructure. For example, WebDAV runs over firewalls and routers._

The Web Client Service (WebClnt.dll) does not properly validate incoming messages, potentially allowing a buffer overflow to occur. If a remote, authenticated attacker sends a specially crafted message to a vulnerable system, they may be able to trigger the buffer overflow.

The Web Client Service is disabled by default on Windows Server 2003, but may be enabled by default in Microsoft Windows XP. For more information about affected components, please refer to MS06-008. This Bulletin supplants Microsoft Security Bulletin MS05-028.


Impact

A remote attacker with valid login credentials may be able to exploit this vulnerability to execute arbitrary code.


Solution

Apply An Update

Microsoft has addressed this issue in Microsoft Security Bulletin MS06-008.


Please see Microsoft Security Bulletin MS06-009 for a list of workarounds to mitigate this vulnerability.


Vendor Information


Microsoft Corporation: Affected

Updated: February 14, 2006

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see <http://www.microsoft.com/technet/security/Bulletin/MS06-008.mspx>.

Acknowledgements

This vulnerability was reported in Microsoft Security Bulletin MS06-008. Microsoft credits Kostya Kortchinsky of EADS/CRC with providing information regarding this issue.

This document was written by Jeff Gennari.

Other Information

CVE IDs: CVE-2006-0013
Severity Metric: 5.68
Date Public:
