Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-1314

Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.

Published

2006-07-11T21:05:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    NVD-CWE-Other
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System microsoft windows_2000 * Yes
Operating System microsoft windows_2003_server 64-bit Yes
Operating System microsoft windows_2003_server itanium Yes
Operating System microsoft windows_2003_server r2 Yes
Operating System microsoft windows_2003_server sp1 Yes
Operating System microsoft windows_2003_server sp1 Yes
Operating System microsoft windows_xp * Yes
Operating System microsoft windows_xp * Yes
Operating System microsoft windows_xp * Yes
References