Overview
A vulnerability in the way Microsoft Windows handles SNMP may allow a buffer overflow that may allow remote execution of arbitrary code.
Description
Microsoft Windows contains a buffer overflow that may occur when handling malformed SNMP packets. According to Microsoft Security Bulletin ms06-074 the exploit is triggered by sending a specially crafted SNMP packet to a vulnerable system. Note that the SNMP service is not installed on any version of Microsoft Windows by default. |
Impact
A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition. |
Solution
Update |
Apply a Workaround
See Microsoft Security Bulletin ms06-074 for more details. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was reported in Microsoft Security Bulletin ms06-074. Microsoft credits Kostya Kortchinsky of Immunity, Inc. and Clement Seguy of the European Aeronautic Defence and Space Company for reporting this issue.
This document was written by Chris Taschner.
Other Information
| CVE IDs: | CVE-2006-5583 |
| Severity Metric: | 16.40 |
| Date Public: | 2006-12-12 |
| Date First Published: | 2006-12-13 |
| Date Last Updated: | 2007-01-05 19:46 UTC |
| Document Revision: | 20 |