CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
93.5%
The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka “SMB Information Disclosure Vulnerability.”
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | server_service | * | cpe:2.3:a:microsoft:server_service:*:*:*:*:*:*:*:* |
secunia.com/advisories/21007
securitytracker.com/id?1016467
www.kb.cert.org/vuls/id/333636
www.osvdb.org/27155
www.securityfocus.com/archive/1/439881/100/0/threaded
www.securityfocus.com/bid/18891
www.vupen.com/english/advisories/2006/2753
docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-035
exchange.xforce.ibmcloud.com/vulnerabilities/26820
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3