PT-2006-6925 · Microsoft · Windows 2000+1

H07

Published

2006-12-05

Updated

2019-04-30

CVE-2006-6296

CVSS v2.0

6.1

Medium

Vector

AV:A/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to Windows 2000 SP4 Microsoft Windows XP versions prior to SP2

Description The issue is related to the RpcGetPrinterData function in the Print Spooler service, which allows remote attackers to cause a denial of service by consuming memory via an RPC request with a large offered value, specifying the output buffer size.

Recommendations For Microsoft Windows 2000, update to at least SP4 to resolve the issue. For Microsoft Windows XP, update to at least SP2 to resolve the issue. As a temporary workaround, consider restricting access to the Print Spooler service to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2006-6296

Affected Products

Windows 2000

Windows Xp

PT-2006-6925 · Microsoft · Windows 2000+1

CVE-2006-6296

Weakness Enumeration

Related Identifiers

Affected Products

References · 10