Vulnerability Note VU#189140
Microsoft Server Service Mailslot vulnerable to heap overflow
Overview
A buffer overflow vulnerability in the Microsoft mailslot server service may allow a remote attacker to execute arbitrary code on a vulnerable system.
Description
Mailslot A mailslot is a temporary mechanism that can facilitate data transfer between hosts. Mailslots messages are limited to 424 bytes, and can use either the TCP or UDP protocol. |
Impact
A remote unauthenticated attacker could execute unauthenitcated arbitrary code with kernel-level privileges. |
Solution
Upgrade |
|
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Microsoft Corporation | Affected | 11 Jul 2006 | 11 Jul 2006 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://www.microsoft.com/technet/security/bulletin/ms06-035.mspx
- http://www.tippingpoint.com/security/advisories/TSRT-06-02.html
- http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ipc/base/about_mailslots.asp
- http://www.microsoft.com/technet/security/bulletin/ms06-035.mspx
Credit
Microsoft Security Response Center reported this issue. Microsoft credits Pedram Amini of Tipping Point with reporting information about this issue to them.
This document was written by Ryan Giobbi.
Other Information
- CVE IDs: CVE-2006-1314
- Date Public: 11 Jul 2006
- Date First Published: 11 Jul 2006
- Date Last Updated: 18 Jul 2006
- Severity Metric: 11.99
- Document Revision: 18
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.