CVE-2006-2371

Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."

Published: Jun 13, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-2371
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / windows_2003_server	enterprise_edition_64-bit-sp1	enterprise_edition_64-bit-sp1.x
microsoft / windows_2003_server	datacenter_edition_64-bit-sp1	datacenter_edition_64-bit-sp1.x
microsoft / windows_2003_server	standard	standard.x
microsoft / windows_xp	-	-
microsoft / windows_2003_server	web	web.x
microsoft / windows_2003_server	datacenter_edition_64-bit	datacenter_edition_64-bit.x
microsoft / windows_2003_server	enterprise_64-bit	enterprise_64-bit.x
microsoft / windows_2000	-	-
microsoft / windows_2003_server	standard_64-bit	standard_64-bit.x
microsoft / windows_2003_server	enterprise_edition_64-bit	enterprise_edition_64-bit.x
microsoft / windows_2003_server	r2	r2.x
microsoft / windows_2003_server	web-sp1	web-sp1.x
microsoft / windows_2003_server	sp1	sp1.x
microsoft / windows_2003_server	enterprise_edition-sp1	enterprise_edition-sp1.x
microsoft / windows_2003_server	standard-sp1	standard-sp1.x
microsoft / windows_2003_server	datacenter_edition	datacenter_edition.x
microsoft / windows_2003_server	datacenter_edition-sp1	datacenter_edition-sp1.x

Vulnerability Database

290,020

CVE-2006-2371