New Search

DNS Client Buffer Overrun Vulnerability

oval:org.mitre.oval:def:723

Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4 XP SP1 and SP2 and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue there are multiple vectors and likely multiple vulnerabilities related to (1) a heap-based buffer overflow in a DNS server response to the client (2) a DNS server response with malformed ATMA records and (3) a length miscalculation in TXT HINFO X25 and ISDN records.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2003
  • Microsoft Windows 2000
  • Microsoft Windows XP
Class:
vulnerability
Reference(s):
  • CVE-2006-3441
Product(s):