Vulnerability Note VU#778036
Microsoft Workstation Service fails to properly parse malformed network messages
A vulnerability in the way Microsoft Workstation Service parses malformed network messages may lead to execution of arbitrary code.
Microsoft Workstation Service contains a vulnerability that could be exploited when Workstation Service attempts to parse specially crafted network messages. According to Microsoft Security Bulletin MS06-070:
On Windows 2000 Service Pack 4 any anonymous user who could deliver a specially crafted message to the affected system could try to exploit this vulnerability. On Windows XP Service Pack 2 the attack could only be successfully performed by a user with Administrator privileges.
A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||14 Nov 2006|
CVSS Metrics (Learn More)
This vulnerability was reported in Microsoft Security Bulletin MS06-070. Microsoft credits eEye for reporting this issue.
This document was written by Chris Taschner.
- CVE IDs: CVE-2006-4691
- Date Public: 14 Nov 2006
- Date First Published: 15 Nov 2006
- Date Last Updated: 21 Nov 2006
- Severity Metric: 18.63
- Document Revision: 18
If you have feedback, comments, or additional information about this vulnerability, please send us email.