CVE-2006-1314

Published: Jul 11, 2006Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.

Affected (9)

Products: Microsoft: Windows 2000, Windows 2003 Server, Windows Xp

3 products

Windows 2003 Server

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 2000	All versions
Microsoft Windows 2003 Server	Version 64-bit
Microsoft Windows 2003 Server	Version itanium
Microsoft Windows 2003 Server	Version r2
Microsoft Windows 2003 Server	Version sp1
Microsoft Windows 2003 Server	Version sp1
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

References (24)

http://secunia.com/advisories/21007

Source: secure@microsoft.com

http://securityreason.com/securityalert/1212

Source: secure@microsoft.com

http://www.kb.cert.org/vuls/id/189140

Source: secure@microsoft.com

US Government Resource

http://www.osvdb.org/27154

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/439773/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/bid/18863

Source: secure@microsoft.com

http://www.tippingpoint.com/security/advisories/TSRT-06-02.html

Source: secure@microsoft.com

PatchVendor Advisory

http://www.us-cert.gov/cas/techalerts/TA06-192A.html

Source: secure@microsoft.com

US Government Resource

http://www.vupen.com/english/advisories/2006/2753

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-035

Source: secure@microsoft.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/26818

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A600

Source: secure@microsoft.com

http://secunia.com/advisories/21007

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/1212

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/189140

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.osvdb.org/27154

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/439773/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/18863

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.tippingpoint.com/security/advisories/TSRT-06-02.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.us-cert.gov/cas/techalerts/TA06-192A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2006/2753

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-035

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/26818

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A600

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.