QwikSec

Security Database

CVE

CWE

Training

CVE-2006-3441

Published: Aug 9, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_MS

vdb-entry

x_refsource_SECTRACK

win-dns-client-bo(28013)

vdb-entry

x_refsource_XF

20060808 Microsoft DNS Client Character String Buffer Overflow Vulnerability

third-party-advisory

x_refsource_ISS

20060808 Microsoft DNS Client Integer Overflow Vulnerability

third-party-advisory

x_refsource_ISS

dns-data-string-bo(28240)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_CERT-VN

third-party-advisory

x_refsource_SECUNIA

oval:org.mitre.oval:def:723

vdb-entry

signature

x_refsource_OVAL

vdb-entry

x_refsource_OSVDB

third-party-advisory

x_refsource_CERT

vdb-entry

x_refsource_BID

20060808 Microsoft DNS Client ATMA Buffer Overflow Vulnerability

third-party-advisory

x_refsource_ISS

dns-rrdatalen-underflow(24586)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.