CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.6%
Added: 08/11/2006
CVE: CVE-2006-3439
BID: 19409
OSVDB: 27845
The Windows Server Service supports file, print, and named-pipe sharing over the network.
A buffer overflow vulnerability in the Windows Server Service allows remote attackers to execute arbitrary commands.
Apply the patch referenced in Microsoft Security Bulletin 06-040.
<http://www.microsoft.com/technet/security/bulletin/ms06-040.mspx>
Exploit works on Windows 2000 and Windows XP SP1. Target computer may reboot after connection is closed.
Windows 2000
Windows XP