CVE-2006-5614
CVE-2006-5614
Vexday Risk Score
60Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 79.1%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
26 Oct 2006Metasploit module available
30 Oct 2006Public PoC
31 Oct 2006Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/2672unverifiedexploitdbwww.exploit-db.com/exploits/2682unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://research.eeye.com/html/alerts/zeroday/20061028.htmlhttp://secunia.com/advisories/22592http://securitytracker.com/id?1017133https://exchange.xforce.ibmcloud.com/vulnerabilities/29917https://www.exploit-db.com/exploits/2672http://www.osvdb.org/30096http://www.securityfocus.com/bid/20804http://www.vupen.com/english/advisories/2006/4248