CVE-2006-2372: Buffer Overflow
First published: Tue Jul 11 2006(Updated: )
Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft DHCP Client Service |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_Microsoft_Windows_DHCP_Client_Service_Remote_Buffer_Overflow.pdf
- http://www.securityfocus.com/bid/18923
- http://secunia.com/advisories/21010
- http://www.us-cert.gov/cas/techalerts/TA06-192A.html
- http://www.kb.cert.org/vuls/id/257164
- http://securitytracker.com/id?1016468
- http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0222.html
- http://www.osvdb.org/27151
- http://securityreason.com/securityalert/1201
- http://www.vupen.com/english/advisories/2006/2754
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A232
- https://www.exploit-db.com/exploits/2054
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-036
- http://www.securityfocus.com/archive/1/444631/100/0/threaded
- http://www.securityfocus.com/archive/1/439675/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-2372?
CVE-2006-2372 has a critical severity level due to the potential for remote code execution.
How do I fix CVE-2006-2372?
To fix CVE-2006-2372, apply the latest security patches from Microsoft for affected systems.
What systems are affected by CVE-2006-2372?
CVE-2006-2372 affects Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Windows Server 2003 up to SP1.
What kind of attack does CVE-2006-2372 facilitate?
CVE-2006-2372 allows remote attackers to execute arbitrary code via a crafted DHCP response.
Is CVE-2006-2372 still a risk for modern systems?
CVE-2006-2372 primarily affects older Microsoft Windows versions and may not be a risk for modern systems with updated security.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/remedy
- agent/author
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/microsoft
- canonical/microsoft dhcp client service