SANS ISC: MS06-041: Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683)

• SANS Site Network
  • Current Site
  • SANS Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • DFIR
  • Software Security
  • Government OnSite Training

SANS ISC InfoSec Forums

MS06-041 - KB 920683 - CVE-2006-3440 - CVE-2006-3441

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Apply the update immediately

Affected Software:

Windows 2000 SP4
Windows XP SP1 and SP2
Windows XP for x64
Windows Server 2003 (including SP1)
Windows Server 2003 for Itanium (including SP1)
Windows Server 2003 for x64

There are two vulnerabilities covered in this bulletin:

Winsock Hostname Vulnerability - CVE-2006-3440:

There is a remote code execution vulnerability in Winsock that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. For an attack to be successful the attacker would have to force the user to open a file or visit a website that is specially crafted to call the affected Winsock API.

DNS Client Buffer Overrun Vulnerability - CVE-2006-3441:

There is a remote code execution vulnerability in the DNS Client service that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.

Marcus H. Sachs
SRI International