CVE-2006-2372
CVE-2006-2372
Vexday Risk Score
45Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS —EPSS 90.2%KEV nãoPoC públicaNuclei —Metasploit —Patch referenciado
Lifecycle
11 Jul 2006Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.
Affected products
n/a · n/apublic PoCs found — 1
cve_referencewww.exploit-db.com/exploits/2054unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0222.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-036http://secunia.com/advisories/21010http://securityreason.com/securityalert/1201http://securitytracker.com/id?1016468https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A232https://www.exploit-db.com/exploits/2054http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_Microsoft_Windows_DHCP_Client_Service_Remote_Buffer_Overflow.pdfhttp://www.kb.cert.org/vuls/id/257164http://www.osvdb.org/27151http://www.securityfocus.com/archive/1/439675/100/0/threadedhttp://www.securityfocus.com/archive/1/444631/100/0/threaded