Vulnerability Description
The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows Xp | All versions |
References
- http://www.48bits.com/advisories/rtldospath.pdfExploitVendor Advisory
- http://www.osvdb.org/25761
- http://www.securityfocus.com/archive/1/433583/100/0/threaded
- http://www.securityfocus.com/bid/17934Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26487
- http://www.48bits.com/advisories/rtldospath.pdfExploitVendor Advisory
- http://www.osvdb.org/25761
- http://www.securityfocus.com/archive/1/433583/100/0/threaded
- http://www.securityfocus.com/bid/17934Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26487
FAQ
What is CVE-2006-2334?
CVE-2006-2334 is a vulnerability with a CVSS score of 2.1 (LOW). The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows con...
How severe is CVE-2006-2334?
CVE-2006-2334 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2334?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows Xp.