CVE-2006-2373

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to Server 2003 SP2 Microsoft Windows 2000 SP4 Microsoft Windows XP SP1 and SP2

Description The issue concerns an elevation of privilege vulnerability in the Server Message Block (SMB) driver. It allows local users to execute arbitrary code, potentially giving an attacker complete control of the affected system. This is achieved by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD NEITHER method flag and an arbitrary address.

Recommendations For Microsoft Windows 2000 SP4, consider applying security patches or updates to mitigate the risk. For Microsoft Windows XP SP1 and SP2, apply the recommended security updates to resolve the issue. For versions prior to Server 2003 SP2, update to Server 2003 SP2 or later to fix the vulnerability. As a temporary workaround, consider restricting access to the MrxSmbCscIoctlOpenForCopyChunk function until a patch is available.