PT-2006-4788 · Microsoft · Windows Server 2003+4

Gerardo Richarte · Published 2006-07-31 · Updated 2018-10-17 · CVE-2006-3942

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Windows NT 4.0
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003

Description

A denial of service issue exists due to the way the Server service handles certain network messages. This can be exploited by sending a specially crafted network message, potentially causing the system to crash. The issue is related to the ExecuteTransaction function and the handling of SMB messages without null character termination, which can lead to a NULL dereference.

Recommendations

For Microsoft Windows NT 4.0, consider disabling the Server service until a patch is available.
For Microsoft Windows 2000, restrict access to the Server service to minimize the risk of exploitation.
For Microsoft Windows XP, avoid using the Server service for critical operations until the issue is resolved.
For Microsoft Windows Server 2003, consider implementing network message filtering to block specially crafted messages.

Exploit

Fix

DoS

RCE


Weakness Enumeration

Related identifiers

CVE-2006-3942

Affected products

Windows 2000
Windows NT 4.0
Windows Server 2003
Windows XP
Windows