CVE-2006-6696

Published: Dec 22, 2006Modified: Apr 23, 2026

6.9

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 3.4 / Impact: 10.0

Source: NVD

Description

Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.

Affected (29)

Products: Microsoft: Windows 2000, Windows 2003 Server, Windows Vista, Windows Xp

4 products

Windows 2003 Server

Configuration A

29 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 2000	All versions
Microsoft Windows 2000	All versions
Microsoft Windows 2000	All versions
Microsoft Windows 2000	All versions
Microsoft Windows 2000	All versions
Microsoft Windows 2003 Server	Version datacenter_edition
Microsoft Windows 2003 Server	Version datacenter_edition sp1
Microsoft Windows 2003 Server	Version datacenter_edition sp1_beta_1
Microsoft Windows 2003 Server	Version enterprise_edition sp1
Microsoft Windows 2003 Server	Version enterprise_edition sp1_beta_1
Microsoft Windows 2003 Server	Version sp1
Microsoft Windows 2003 Server	Version standard
Microsoft Windows 2003 Server	Version standard sp1
Microsoft Windows 2003 Server	Version standard sp1_beta_1
Microsoft Windows 2003 Server	Version web
Microsoft Windows 2003 Server	Version web sp1
Microsoft Windows 2003 Server	Version web sp1_beta_1
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (46)

http://blogs.technet.com/msrc/archive/2006/12/22/new-report-of-a-windows-vulnerability.aspx

Source: cve@mitre.org

http://groups.google.ca/group/microsoft.public.win32.programmer.kernel/browse_thread/thread/c5946bf40f227058/7bd7b5d66a4e5aff

Source: cve@mitre.org

http://isc.sans.org/diary.php?n&storyid=1965

Source: cve@mitre.org

http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051394.html

Source: cve@mitre.org

http://research.eeye.com/html/alerts/zeroday/20061215.html

Source: cve@mitre.org

http://secunia.com/advisories/23448

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1017433

Source: cve@mitre.org

http://www.determina.com/security.research/vulnerabilities/csrss-harderror.html

Source: cve@mitre.org

http://www.kuban.ru/forum_new/forum2/files/19124.html

Source: cve@mitre.org

http://www.security.nnov.ru/Gnews944.html

Source: cve@mitre.org

http://www.security.nnov.ru/files/messagebox.c

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/455061/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/455088/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/455104/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/455158/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/455546/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/466331/100/200/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/21688

Source: cve@mitre.org

http://www.securityfocus.com/bid/23324

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/5120

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/1325

Source: cve@mitre.org

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1816

Source: cve@mitre.org

http://blogs.technet.com/msrc/archive/2006/12/22/new-report-of-a-windows-vulnerability.aspx

Source: af854a3a-2127-422b-91ae-364da2661108

http://groups.google.ca/group/microsoft.public.win32.programmer.kernel/browse_thread/thread/c5946bf40f227058/7bd7b5d66a4e5aff

Source: af854a3a-2127-422b-91ae-364da2661108

http://isc.sans.org/diary.php?n&storyid=1965

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051394.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://research.eeye.com/html/alerts/zeroday/20061215.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/23448

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1017433

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.determina.com/security.research/vulnerabilities/csrss-harderror.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kuban.ru/forum_new/forum2/files/19124.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.security.nnov.ru/Gnews944.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.security.nnov.ru/files/messagebox.c

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/455061/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/455088/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/455104/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/455158/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/455546/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/466331/100/200/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/21688

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/23324

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2006/5120

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/1325

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1816

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.