CVE - CVE-2006-2373

CVE-ID
CVE-2006-2373	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:18356 URL:http://www.securityfocus.com/bid/18356 IDEFENSE:20060613 Windows MRXSMB.SYS MRxSmbCscIoctlOpenForCopyChunk Overflow URL:http://www.idefense.com/intelligence/vulnerabilities/display.php?id=408 MS:MS06-030 URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-030 OSVDB:26440 URL:~~http://www.osvdb.org/26440~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:1137 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1137 OVAL:oval:org.mitre.oval:def:1730 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1730 OVAL:oval:org.mitre.oval:def:1792 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1792 OVAL:oval:org.mitre.oval:def:1904 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1904 OVAL:oval:org.mitre.oval:def:1942 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1942 OVAL:oval:org.mitre.oval:def:2007 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2007 SECTRACK:1016288 URL:http://securitytracker.com/id?1016288 SECUNIA:20635 URL:http://secunia.com/advisories/20635 VUPEN:ADV-2006-2327 URL:~~http://www.vupen.com/english/advisories/2006/2327~~ (Obsolete source) XF:win-smb-privilege-escalation(26828) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26828
Assigning CNA
Microsoft Corporation
Date Record Created
20060515	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060515)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)