CVE-2006-2334

Published: May 12, 2006Modified: Apr 16, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.

Affected (2)

Products: Microsoft: Windows 2000, Windows Xp

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 2000	All versions
Microsoft Windows Xp	All versions

References (10)

http://www.48bits.com/advisories/rtldospath.pdf

Source: cve@mitre.org

ExploitVendor Advisory

http://www.osvdb.org/25761

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/433583/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/17934

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/26487

Source: cve@mitre.org

http://www.48bits.com/advisories/rtldospath.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

http://www.osvdb.org/25761

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/433583/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/17934

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/26487

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.