Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2006-6696
HistoryDec 22, 2006 - 2:28 a.m.

CVE-2006-6696

2006-12-2202:28:00
CWE-119
[email protected]
web.nvd.nist.gov
6

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

0.577

Percentile

97.7%

JSON

Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.

Affected configurations

Nvd
Node
microsoftwindows_2000
OR
microsoftwindows_2000sp1
OR
microsoftwindows_2000sp2
OR
microsoftwindows_2000sp3
OR
microsoftwindows_2000sp4
OR
microsoftwindows_2003_serverMatchdatacenter_edition
OR
microsoftwindows_2003_serverMatchdatacenter_editionsp1
OR
microsoftwindows_2003_serverMatchdatacenter_editionsp1_beta_1
OR
microsoftwindows_2003_serverMatchenterprise_editionsp1
OR
microsoftwindows_2003_serverMatchenterprise_editionsp1_beta_1
OR
microsoftwindows_2003_serverMatchsp1enterprise
OR
microsoftwindows_2003_serverMatchstandard
OR
microsoftwindows_2003_serverMatchstandardsp1
OR
microsoftwindows_2003_serverMatchstandardsp1_beta_1
OR
microsoftwindows_2003_serverMatchweb
OR
microsoftwindows_2003_serverMatchwebsp1
OR
microsoftwindows_2003_serverMatchwebsp1_beta_1
OR
microsoftwindows_vistadecember_ctp
OR
microsoftwindows_vistabeta
OR
microsoftwindows_vistabeta1
OR
microsoftwindows_vistabeta2
OR
microsoftwindows_xphome
OR
microsoftwindows_xpmedia_center
OR
microsoftwindows_xpgoldprofessional
OR
microsoftwindows_xpsp1home
OR
microsoftwindows_xpsp1media_center
OR
microsoftwindows_xpsp2home
OR
microsoftwindows_xpsp2media_center
OR
microsoftwindows_xpsp2tablet_pc
VendorProductVersionCPE
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
microsoftwindows_2003_serverdatacenter_editioncpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*
microsoftwindows_2003_serverdatacenter_editioncpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:sp1:*:*:*:*:*:*
microsoftwindows_2003_serverdatacenter_editioncpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:sp1_beta_1:*:*:*:*:*:*
microsoftwindows_2003_serverenterprise_editioncpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:sp1:*:*:*:*:*:*
microsoftwindows_2003_serverenterprise_editioncpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:sp1_beta_1:*:*:*:*:*:*
Rows per page:
1-10 of 291

References

Related

canvas 1
cvelist 2
exploitdb 2
checkpoint_advisories 1
cve 2
openvas 2
nvd 1
nessus 1
securityvulns 2
canvas
canvas
Immunity Canvas: LOCALLPC
2006-12-22 02:28:00
cvelist
cvelist
CVE-2006-6696
2006-12-22 02:00:00
CVE-2006-6797
2006-12-28 15:00:00
exploitdb
exploitdb
Microsoft Windows - NtRaiseHardError 'Csrss.exe' Memory Disclosure
2006-12-27 00:00:00
Microsoft Windows - 'MessageBox' Memory Corruption Local Denial of Service
2006-12-20 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows CSRSS HardError Message Box (MS07-021; CVE-2006-6696)
2010-03-23 00:00:00
cve
cve
CVE-2006-6696
2006-12-22 02:28:00
CVE-2006-6797
2006-12-28 15:28:00
openvas
openvas
Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnerability (930178)
2011-01-14 00:00:00
Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnerability (930178)
2011-01-14 00:00:00
nvd
nvd
CVE-2006-6797
2006-12-28 15:28:00
nessus
nessus
MS07-021: Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178)
2007-04-10 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS07-021 Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178)
2007-04-11 00:00:00
Microsoft Windows memory corruption
2007-04-11 00:00:00

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

0.577

Percentile

97.7%

JSON
Related for NVD:CVE-2006-6696
canvas1cvelist2exploitdb2checkpoint_advisories1cve2openvas2nvd1nessus1securityvulns2