CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.4%
Added: 12/08/2006
CVE: CVE-2006-6183
BID: 21301
OSVDB: 30758
3CTftpSvc by 3Com is a freeware implementation of the TFTP protocol for Windows.
A buffer overflow vulnerability in the 3Com TFTP server allows remote attackers to execute arbitrary commands by sending a long, specially crafted transporting mode in a GET or PUT request.
Delete the 3Com TFTP server. It is no longer supported by the vendor.
<http://www.securityfocus.com/archive/1/452754>
Exploit works on 3Com TFTP server 2.0.1.
Windows 2000
Windows XP SP0 / Windows XP SP1
Windows XP SP2 / Windows XP
Windows Server 2003 SP0
Windows Server 2003 SP1 / Windows Server 2003