CVE-2006-6696
CVE-2006-6696 is a vulnerability of currently unknown severity. EPSS estimates a 3.28% chance of exploitation in the next 30 days.
Description
Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microsoft | Windows 2000 | All versions | — |
| Microsoft | Windows 2003 Server | datacenter_edition | — |
| Microsoft | Windows 2003 Server | enterprise_edition | SP1 |
| Microsoft | Windows 2003 Server | sp1 | — |
| Microsoft | Windows 2003 Server | standard | — |
| Microsoft | Windows 2003 Server | web | — |
| Microsoft | Windows Vista | All versions | — |
| Microsoft | Windows XP | All versions | — |
References
- http://secunia.com/advisories/23448 (Vendor Advisory)
Source: NVD / NIST
