Vulnerability Description
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | - |
| Microsoft | Windows Server 2003 | - |
| Microsoft | Windows Xp | - |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/20635Third Party Advisory
- http://securitytracker.com/id?1016288Third Party AdvisoryVDB Entry
- http://www.idefense.com/intelligence/vulnerabilities/display.php?id=408Third Party Advisory
- http://www.osvdb.org/26440Broken Link
- http://www.securityfocus.com/bid/18356PatchThird Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2006/2327Vendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-03PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26828Third Party AdvisoryVDB Entry
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
- http://secunia.com/advisories/20635Third Party Advisory
FAQ
What is CVE-2006-2373?
CVE-2006-2373 is a vulnerability with a CVSS score of 10.0 (HIGH). The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscI...
How severe is CVE-2006-2373?
CVE-2006-2373 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2373?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows Server 2003, Microsoft Windows Xp.