10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.943 High
EPSS
Percentile
99.2%
The Microsoft DNS Client service contains a remote code execution vulnerability that could allow a remote attacker to take complete control of the affected system.
From Microsoft TechNet:
A remote, unauthenticated attacker can gain complete control of a system, including the ability to install programs, view, change or delete data, or create new accounts, by one of the following means:
Update
Apply the update provided by Microsoft. Refer to Microsoft Security Bulletin MS06-041 for more information.
Block the following DNS related records at network gateways:
* ATMA
* TXT
* X25
* HINFO
* ISDN DNS
794580
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: August 08, 2006 Updated: August 08, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Update
Apply the update provided by Microsoft. Refer to Microsoft Security Bulletin MS06-041 for more information.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23794580 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was reported by Microsoft, who in turn credit Mark Dowd of ISS X-Force for reporting this vulnerability.
This document was written by Joseph W Pruszynski.
CVE IDs: | CVE-2006-3441 |
---|---|
Severity Metric: | 6.75 Date Public: |