CVE-2006-6696

Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to the Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.

  • Published: Dec 22, 2006
  • Updated: Apr 13, 2023
  • CVE: CVE-2006-6696
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.9
  • AV:L/AC:M/Au:N/C:C/I:C/A:C

CWEs:

| Software | From | Fixed in |
|---|---|---|
| microsoft / windows_vista | - | - |
| microsoft / windows_2003_server | web-sp1_beta_1 | web-sp1_beta_1.x |
| microsoft / windows_2003_server | datacenter_edition-sp1_beta_1 | datacenter_edition-sp1_beta_1.x |
| microsoft / windows_2003_server | standard | standard.x |
| microsoft / windows_xp | - | - |
| microsoft / windows_2003_server | web | web.x |
| microsoft / windows_2000 | - | - |
| microsoft / windows_2003_server | standard-sp1_beta_1 | standard-sp1_beta_1.x |
| microsoft / windows_2003_server | web-sp1 | web-sp1.x |
| microsoft / windows_2003_server | sp1 | sp1.x |
| microsoft / windows_2003_server | enterprise_edition-sp1 | enterprise_edition-sp1.x |
| microsoft / windows_2003_server | standard-sp1 | standard-sp1.x |
| microsoft / windows_2003_server | enterprise_edition-sp1_beta_1 | enterprise_edition-sp1_beta_1.x |
| microsoft / windows_2003_server | datacenter_edition | datacenter_edition.x |
| microsoft / windows_2003_server | datacenter_edition-sp1 | datacenter_edition-sp1.x |